~ Rapport de ZHPDiag v2014.11.22.166 - Nicolas Coolman  (22/11/2014)
~ Lancé par canto.85 (23/11/2014 10:12:40)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 33.1.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : HKCFH
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.3.1025
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.19

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3327.6 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 15 GB (13%) free of 111 GB

---\\ Mode de connexion au système
~ Computer Name: CANTO85-PC
~ User Name: canto.85
~ All Users Names: lfgqfgephx, HomeGroupUser$, canto.85, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\canto.85\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\canto.85\AppData\Roaming\
~ %Desktop% : C:\Users\canto.85\Desktop\
~ %Favorites% : C:\Users\canto.85\Favorites\
~ %LocalAppData% : C:\Users\canto.85\AppData\Local\
~ %StartMenu% : C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 91 Go of 117 Go)
E: Hard drive, Flash drive, Thumb drive (Free 116 Go of 228 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6DD7D61A8EF3DFEC4FAEFEB395E77424] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/11/2014 - 02:52:35.) -- C:\Windows\System32\wininet.dll [1892864]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 02:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/13
~ Mes musiques (My Musics) : 1/119
~ Mes Favoris (My Favorites) : 0/63
~ Mes Documents (My Documents) : 0/2410
~ Mon Bureau (My Desktop) : 0/236
~ Menu demarrer (Programs) : 0/114
~ Hidden Files:  Scanned in 00mn 03s



---\\ Processus lancés
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe   [7229752] [PID.4280]
[MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] - (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe   [30192] [PID.1960]
[MD5.A2418D3C557C0A0C634DA713A8AC3789] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe   [205336] [PID.4852]
[MD5.28CE08B7BFED7586163957C6D942012A] - (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe   [676520] [PID.5568]
[MD5.20ABFA7F188092C92573DAC2E6C7C6B7] - (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe   [131752] [PID.4428]
[MD5.1E85A77A3AA930C0681939A354D7EAA0] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe   [74408] [PID.5636]
[MD5.42E4E281D9646F15E5C4D0CFD61CE684] - (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe   [2020192] [PID.3544]
[MD5.0F01BAC5042F046553D2EC0EE5E52B81] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe   [5075104] [PID.820]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [248552] [PID.5540]
[MD5.8ADDE007EC6220C41C7B10DB15A10BC8] - (.Lexmark International, Inc. - Lexmark 1200 Series Button Monitor.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe   [58024] [PID.4668]
[MD5.BB6D3748D86BC02D55ADD8ADC1D07633] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe   [835288] [PID.4696]
[MD5.4B9949208944C50B1A16FD1F05ED0A04] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe   [299008] [PID.5744]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\canto.85\AppData\Local\Facebook\Update\FacebookUpdate.exe   [138096] [PID.1284]
[MD5.12220BA871C6D7BAE08FFDD137BAB697] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Users\Public\temp\TeamViewer\Version9\TeamViewer.exe   [13559056] [PID.5344]
[MD5.1A42F95615006278BC60D88118A1B696] - (.FireStarter - PrtScr.) -- E:\Program Files\PrtScr\PrtScr.exe   [1700864] [PID.1292]
[MD5.DFB13D3470844B6770FFB87DFC9FD340] - (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe   [884744] [PID.4200]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe   [7168] [PID.4996]
[MD5.550B8CB98A8FA1D7A1A7371055A38DDA] - (...) -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe   [265240] [PID.5428]
[MD5.7B1D16E62307390371535CB2F2329001] - (.Orange - Assistance Livebox.) -- C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe   [149824] [PID.5928]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe   [228552] [PID.4572]
[MD5.CB60C7455AC362CAA58458A613908B7F] - (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe   [476056] [PID.4384]
[MD5.484B7846C119008DE39350B6952AF55D] - (.Orange - Executable Orange Inside.) -- C:\Users\canto.85\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe   [1554072] [PID.5460]
[MD5.D87E0BF2E8BB7E5C49E79F32F8FEAFC4] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe   [4826904] [PID.1164]
[MD5.A9950F1C63BA70151803C6F24CEE23F3] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe   [299008] [PID.7248]
[MD5.902054D6B4292329F9594FFF24EE02DB] - (...) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe   [680984] [PID.5880]
[MD5.EC60E6667477E8D816C47F5605799B20] - (.American Power Conversion Corporation - PowerChute System Tray Power Icon.) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe   [656640] [PID.8148]
[MD5.72EC207C0B943180A368DB4B16D92793] - (.Orange - Assistance Livebox.) -- C:\Program Files\Orange\Assistance Livebox\dist\ST2.exe   [13494592] [PID.6364]
[MD5.1F6EFF2536C8F773AEB53309FE52F5B8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8130560] [PID.7016]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [54240] [PID.7316]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\canto.85\AppData\Roaming\Mozilla\Firefox\Profiles\ecpio4ij.default\prefs.js (.not file.)
C:\Users\canto.85\AppData\Roaming\Mozilla\Firefox\Profiles\jif98jma.default-1415917771004\prefs.js
C:\Users\canto.85\AppData\Roaming\Mozilla\Firefox\Profiles\jif98jma.default-1415917771004\user.js
M2 - MFEP: Extension [canto.85 - ecpio4ij.default] {676ff95e-2211-4858-bcb9-811bda93b355}
M2 - MFEP: Extension [canto.85 - jif98jma.default-1415917771004] {676ff95e-2211-4858-bcb9-811bda93b355}
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.7] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\canto.85\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll  =>.Facebook
~ Firefox Browser: 56 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://google.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (114)
~ Hosts File:  Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: IE AdBlock - [HKLM]{BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} . (...) -- C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: Copernic Agent - [HKLM]{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} . (.Copernic Technologies Inc. - Copernic Agent Extensions.) -- C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Google Desktop Search] . (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 
O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe   =>.Logitech Inc
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe 
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe   =>.Microsoft Corporation
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll 
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe 
O4 - HKLM\..\Run: [lxdumon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe 
O4 - HKLM\..\Run: [EzPrint] . (.Lexmark International Inc. - Lexmark Fast Pics Application.) -- C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe 
O4 - HKLM\..\Run: [lxczbmgr.exe] . (.Lexmark International, Inc. - Lexmark 1200 Series Button Manager.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe 
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (.not file.) 
O4 - HKLM\..\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BroadCam] C:\Program Files\NCH Software\BroadCam\broadcam.exe (.not file.) 
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe   =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe   =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\canto.85\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe 
O4 - HKCU\..\Run: [PrtScr by FireStarter] . (.FireStarter - PrtScr.) -- E:\Program Files\PrtScr\PrtScr.exe 
O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\canto.85\AppData\Local\Google\Update\GoogleUpdate.exe   =>.Google Inc
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\canto.85\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe 
O4 - HKCU\..\Run: [Google+ Auto Backup] . (.Google Inc. - AutoBackup.) -- C:\Users\canto.85\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe 
O4 - HKCU\..\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe   =>.Piriform Ltd
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\canto.85\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [PrtScr by FireStarter] . (.FireStarter - PrtScr.) -- E:\Program Files\PrtScr\PrtScr.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\canto.85\AppData\Local\Google\Update\GoogleUpdate.exe   =>.Google Inc
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\canto.85\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [Google+ Auto Backup] . (.Google Inc. - AutoBackup.) -- C:\Users\canto.85\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 
O4 - HKUS\S-1-5-21-428732596-2343530912-3720614104-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe   =>.Piriform Ltd
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -- C:\Program Files\Windows Live\Companion\companionres.dll (.not file.)
O9 - Extra button: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} . (...) -- C:\Program Files\Copernic Agent\Web\IEToolbarHotIcon.ico
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} ((no name)) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100819150432
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} ((no name)) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{10FAF190-AF69-4998-8AF0-A40ED567A655}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{413E72C8-170B-4655-B776-C5311DE37F78}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{6210A022-1338-45A4-AA53-F131870B6F62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD829269-F2E8-490E-81FF-3D4E9FAC71FF}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{10FAF190-AF69-4998-8AF0-A40ED567A655}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{413E72C8-170B-4655-B776-C5311DE37F78}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{6210A022-1338-45A4-AA53-F131870B6F62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD829269-F2E8-490E-81FF-3D4E9FAC71FF}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{10FAF190-AF69-4998-8AF0-A40ED567A655}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{413E72C8-170B-4655-B776-C5311DE37F78}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CS2\Services\Tcpip\..\{6210A022-1338-45A4-AA53-F131870B6F62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD829269-F2E8-490E-81FF-3D4E9FAC71FF}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BroadCam Video Streaming Server (BroadCamService) . (...) - C:\Program Files\NCH Software\BroadCam\broadcam.exe (.not file.)
O23 - Service: CDMA Device Service (CDMA Device Service) . (.Pas de propriétaire - VIA Telecom Service.) - C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: Kinoni Service (KinoniSvc) . (...) - E:\EpocCam_and_Barcode_drivers\KinoniSvc.exe
O23 - Service: MySQL (MySQL) . (...) - D:\FILMS\wawamania films\SecureWAMP\mysql\bin\mysqld.exe
O23 - Service:  (Update service) . (.Company - Updater.) - C:\Program Files\Popcorn Time\Updater.exe
~ Services: 31 Legitimates Filtered in 00mn 10s



---\\ Tâches planifiées en automatique (O39)
[MD5.F16BE44F26B12CD8F47C4058BC8EE53C] [APT] [{618A2053-A4DF-4E91-87F2-DCBD6F41C1D4}] (...) -- E:\lexmark\drivers\1200\install\x86\Setup.exe   [303784]
[MD5.00000000000000000000000000000000] [APT] [{D6C8A8E8-F876-4091-9F74-22F545334D79}] (...) -- C:\Program Files\Opera\opera.exe (.not file.)   [0]
[MD5.235C127898A9AA40B74043E4C72DCA96] [APT] [{E45D03AE-668D-42CB-A8B2-03FCC9552325}] (...) -- E:\lexmark\drivers\1200\Setup.exe   [303784]
[MD5.00000000000000000000000000000000] [APT] [{EA267141-D22D-4412-89F4-9CDD8DC498C3}] (...) -- C:\Program Files\Teamspeak2_RC2\unins000.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [1002]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Google Software Updater   [1002]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf2976e2dbc513   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8c4188e9925a   [1058]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-428732596-2343530912-3720614104-1001Core   [1038]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-428732596-2343530912-3720614104-1001UA   [1090]
~ Scheduled Task: 38 Legitimates Filtered in 00mn 10s



---\\ Logiciels installés (O42)
O42 - Logiciel: Apago PDF Enhancer 3.2 - (.Apago, Inc..) [HKLM] -- Apago PDF Enhancer
O42 - Logiciel: HipHop 0.4.6 - (.HipHop Team.) [HKCU] -- {F4B2C5C1-F084-4858-B9C3-E641F5C12BBC}_is1
O42 - Logiciel: MonFax version 1.1 - (.BJTPartners.) [HKLM] -- {990E3C48-747A-4B67-B0F6-48C2C7E38C90}_is1
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM] -- Popcorn Time_is1
O42 - Logiciel: ShareXmod 7.1.0.250 - (.ShareX Developers.) [HKLM] -- 82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1
O42 - Logiciel: V2014.5.2 - (.Didier Schmitt.) [HKLM] -- V2014.5.2
O42 - Logiciel: WIDGET PMU 1.1 - (.PMU.) [HKLM] -- WIDGET PMU
O42 - Logiciel: easyHDR PRO 2 - (...) [HKLM] -- easyHDR_PRO_2
~ Logic: 33 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\easyHDR_PRO_2]
[HKCU\Software\erxplorer]
[HKLM\Software\PronoSoft]
[HKLM\Software\erxplorer]
~ Key Software: 580 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/07/2012 - 20:52:08 - [] ----D C:\Program Files\MonFax
O43 - CFD: 04/01/2011 - 22:39:46 - [] ----D C:\Program Files\PDF Enhancer
O43 - CFD: 31/08/2014 - 09:31:09 - [] ----D C:\Program Files\Popcorn Time
O43 - CFD: 04/01/2011 - 22:40:37 - [] ----D C:\ProgramData\5600-6600 Series
O43 - CFD: 04/01/2011 - 22:40:41 - [] ----D C:\ProgramData\Apago
O43 - CFD: 11/04/2012 - 19:03:19 - [] ----D C:\ProgramData\IM
O43 - CFD: 03/05/2014 - 13:00:14 - [] ----D C:\ProgramData\SUPPORTDIR
O43 - CFD: 06/12/2012 - 20:01:34 - [] ----D C:\ProgramData\TonkyPonky
O43 - CFD: 21/10/2014 - 22:06:17 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gestion_Concours
O43 - CFD: 16/12/2013 - 20:25:33 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 04/07/2012 - 20:52:08 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MonFax
O43 - CFD: 11/09/2011 - 10:50:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outil de mise à jour Google
O43 - CFD: 04/01/2011 - 22:41:14 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Enhancer
O43 - CFD: 14/05/2014 - 20:58:44 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Montage 2013
O43 - CFD: 18/06/2014 - 19:45:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 25/10/2014 - 15:30:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme
O43 - CFD: 25/10/2014 - 15:29:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo
O43 - CFD: 03/11/2014 - 14:21:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureWAMP
O43 - CFD: 14/07/2009 - 10:00:22 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 25/10/2014 - 15:30:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
O43 - CFD: 21/10/2014 - 22:06:20 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIDGET PMU
O43 - CFD: 08/06/2014 - 09:24:52 - [] ----D C:\Users\canto.85\AppData\Roaming\HipHop
O43 - CFD: 20/12/2010 - 22:28:57 - [0] ----D C:\Users\canto.85\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 16/12/2013 - 20:28:09 - [] ----D C:\Users\canto.85\AppData\Local\013C5595-B6E6-49AB-AA6B-532511A89CA8.aplzod
O43 - CFD: 13/11/2014 - 22:44:07 - [] -SH-D C:\Users\canto.85\AppData\Local\EmieBrowserModeList
O43 - CFD: 08/06/2014 - 09:30:02 - [] ----D C:\Users\canto.85\AppData\Local\HipHop
O43 - CFD: 11/04/2012 - 20:47:16 - [] ----D C:\Users\canto.85\AppData\Local\IM
O43 - CFD: 19/04/2014 - 09:27:47 - [] ----D C:\Users\canto.85\AppData\Local\QupZilla
O43 - CFD: 21/10/2014 - 22:06:17 - [0] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\easyHDR PRO 2
O43 - CFD: 17/06/2014 - 22:17:06 - [] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 08/06/2014 - 09:24:53 - [] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HipHop
O43 - CFD: 08/11/2014 - 19:55:54 - [] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme
O43 - CFD: 25/10/2014 - 15:29:48 - [] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo
O43 - CFD: 01/08/2011 - 11:03:50 - [0] ----D C:\Users\canto.85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WIDGET PMU
~ 3 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 477 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A1965DFC0CD91E7CFC42925F8F597274] - 22/11/2014 - 23:29:44 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys   [34808]
O44 - LFC:[MD5.15FE29F7569060CE20EF0D60AA7D494A] - 23/11/2014 - 10:08:17 ---A- . (...) -- C:\Windows\System32\TempWmicBatchFile.bat   [29]
~ Files: 71 Legitimates Filtered in 00mn 23s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AllShareAgent  [Key] . (...) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DF Manager  [Key] . (...) -- D:\LOGICIELS\DF Manager\dfmanager.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Philips Device Listener  [Key] . (...) -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
O53 - SMSR:HKLM\...\startupreg\SuperCopier2.exe  [Key] . (...) -- C:\Program Files\SuperCopier2\SuperCopier2.exe (.not file.)
~ SMSR Keys: 35 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/10/2006 - 10:33:58 ---A- . (...) -- C:\Windows\System32\Drivers\ASUSHWIO.SYS   [10288]
O58 - SDL:07/08/2009 - 07:42:36 ---A- . (...) -- C:\Windows\System32\Drivers\CAMTHWDM.sys   [1053056]
O58 - SDL:11/05/2010 - 11:00:34 ---A- . (.Windows (R) Win 7 DDK provider - CPUID Driver.) -- C:\Windows\System32\Drivers\cpuz133_x32.sys   [20072]
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:12/09/2012 - 09:33:46 ---A- . (.Windows (R) Win 7 DDK provider - Kinoni Virtual Audio Device.) -- C:\Windows\System32\Drivers\kinonivad.sys   [18432]
O58 - SDL:12/09/2012 - 09:33:52 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\kinonivd.sys   [2782080]
O58 - SDL:07/05/2010 - 18:43:30 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2Mon.sys   [25824]
O58 - SDL:20/07/2012 - 11:12:36 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv.sys   [25088]
O58 - SDL:20/07/2012 - 11:11:58 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv.sys   [34432]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys   [691696]
O58 - SDL:04/04/2010 - 13:01:51 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys   [5632]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:22/11/2014 - 23:29:44 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys   [34808]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys   [45056]
O58 - SDL:28/09/2009 - 09:22:00 ---A- . (...) -- C:\Windows\System32\Drivers\yk62x86.sys   [315392]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:07/04/2009 - 08:39:44 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys   [36608]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
O58 - SDL:18/01/2012 - 14:55:56 ----- . (...) -- C:\Windows\System32\pwdrvio.sys   [16472]
O58 - SDL:18/01/2012 - 14:55:54 ----- . (...) -- C:\Windows\System32\pwdspio.sys   [11104]
~ Drivers: 113 Legitimates Filtered in 00mn 11s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Chromium> <Chromium>[HKLM\..\Shell\open\Command] (.SRWare - SRWare Iron.) -- C:\Program Files\SRWare Iron\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [canto.85 - jif98jma.default-1415917771004] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\bdcore.dll   [32]
[MD5.169308DD5FBA9E9C34458248FBA135E4] [SPRF][28/05/2010] (...) -- C:\Windows\Downloaded Program Files\cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe   [99936]
[MD5.2B1C4C87EB20ADDBA59DCA975E28DFFB] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\ipsupd.dll   [741376]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\libfn.dll   [32]
[MD5.1B3C87DE7DDCFC23EDE7D41A49C7AC7C] [SPRF][17/05/2005] (.Winwise - WwGame.) -- C:\Windows\Downloaded Program Files\npwwg.dll   [300032]
~ Files: 11 Legitimates Filtered in 00mn 02s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/11/2014 267440 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/09/2013 55624 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 10/07/1658 0 |  (BroadCamService) . (...) - C:\Program Files\NCH Software\BroadCam\broadcam.exe
SS - | Auto 13/08/2014 409304 |  (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe
SS - | Demand 10/07/1658 0 |  (fsssvc) . (...) - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
SS - | Demand 19/02/2011 30192 |  (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Auto 19/10/2014 107912 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/10/2014 107912 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 26/08/2012 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/07/1658 0 |  (iPod Service) . (...) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 20/07/2009 121360 |  (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
SS - | Demand 14/11/2011 311928 |  (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 15/11/2014 114288 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 15/09/2014 729608 |  (Orange update Core Service) . (.Orange SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 31/08/2014 179200 |  (Update service) . (.Company.) - C:\Program Files\Popcorn Time\Updater.exe
SS - | Disabled 10/07/1658 0 |  (wlcrasvc) . (...) - C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
SR - | Auto 18/08/2011 819976 |  (ABBYY.Licensing.FineReader.Professional.11.0) . (.ABBYY.) - C:\Program Files\ABBYY FineReader 11\NetworkLicenseServer.exe
SR - | Auto 23/09/2012 171600 |  (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 12/09/2014 64704 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/11/2012 217088 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/11/2012 20992 |  (ApacheServer) . (.Apache Software Foundation.) - D:\FILMS\wawamania films\SecureWAMP\Apache2\bin\httpd.exe
SR - | Auto 19/07/2007 689408 |  (APC UPS Service) . (.American Power Conversion Corporation.) - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
SR - | Auto 30/08/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 13/08/2014 384728 |  (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
SR - | Auto 13/08/2014 777944 |  (BstHdUpdaterSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-UpdaterService.exe
SR - | Auto 02/08/2011 63488 |  (CDMA Device Service) . (...) - C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
SR - | Auto 23/12/2010 19968 |  (CronService) . (.Fork Ltd..) - C:\Prey\platform\windows\cronsvc.exe
SR - | Auto 17/10/2013 1970544 |  (Dedicarz Service) . (...) - C:\Program Files\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SR - | Auto 24/02/2014 1343408 |  (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 12/09/2012 529408 |  (KinoniSvc) . (...) - E:\EpocCam_and_Barcode_drivers\KinoniSvc.exe
SR - | Auto 19/04/2007 537520 |  (lxcz_device) . (...) - C:\Windows\system32\lxczcoms.exe
SR - | Auto 16/10/2009 94208 |  (lxduCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduserv.exe
SR - | Auto 16/10/2009 589824 |  (lxdu_device) . (...) - C:\Windows\system32\lxducoms.exe
SR - | Auto 01/10/2014 1871160 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 01/10/2014 968504 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 11/01/2013 8202752 |  (MySQL) . (...) - D:\FILMS\wawamania films\SecureWAMP\mysql\bin\mysqld.exe
SR - | Auto 25/03/2010 490280 |  (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 17/05/2011 366872 |  (PS3 Media Server) . (.Tanuki Software, Ltd..) - E:\PS3 Media Server\win32\service\wrapper.exe
SR - | Auto 12/09/2014 4799760 |  (TeamViewer9) . (.TeamViewer GmbH.) - C:\Users\Public\temp\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 18/01/2012 450848 |  (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 13s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys   [691696]
~ Emulateurs:  Scanned in 00mn 13s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (22/11/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}]   =>Toolbar.Orange
~ Additionnel Scan: 455106 Items scanned in 01mn 07s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/  =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/  =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/  =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



~ 1454 Legitimates filtered by white list
End of the scan (614 lines in 03mn 20s)(0)