Document format: text/plain

Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by norbert at 21/06/2013 17:04:13
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
GCIE: Google Chrome v27.0.1453.116
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.2.0223.1
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader XI

---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (9%) free of 116 GB

---\\ Logged in mode
~ Computer Name: NORBERT-PC
~ User Name: norbert
~ All Users Names: norbert, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\norbert\AppData\Roaming\
~ %Desktop% : C:\Users\norbert\Desktop\
~ %Favorites% : C:\Users\norbert\Favorites\
~ %LocalAppData% : C:\Users\norbert\AppData\Local\
~ %StartMenu% : C:\Users\norbert\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 116 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 329 Go of 330 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 06:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/08/2010 - 19:36:45.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/517
~ Mes musiques (My Musics) : 1/166
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 1/45
~ Mon Bureau (My Desktop) : 1/2892
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2100]
[MD5.852EE4F61139A1B3F44EDAA0D5B3FC14] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.2132]
[MD5.868E3486E7EC522330344152A5535783] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.2148]
[MD5.BDD790326FABC31FB635130810245062] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.2508]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2988]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2748]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4241512] [PID.4068]
[MD5.58D926F3B2113BF849162C9C26FE21DC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [672912] [PID.3848]
[MD5.1DAC4ABDD489EF891A924F4954C13172] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [277104] [PID.4952]
[MD5.FCB358973491095D026BB289EA5CC75A] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [115712] [PID.2604]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7521280] [PID.2772]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1412]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1440]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768] [PID.1484]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1768]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1788]
[MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1852]
[MD5.9E897C2438BF9A48EE8F01076C403DA8] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [182912] [PID.2516]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.2864]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.2944]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3000]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\norbert\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: (no name) [64Bits] - {d5f79f97-94aa-439c-9f38-54a9298600e5} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\norbert\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\norbert\Desktop\Aller sur MSN.fr.url . (.Skype Technologies S.A. - Skype.) -- C:\Users\norbert\Desktop\Aller sur MSN.fr.url
O4 - GS\Desktop: DVDVideoSoft Free Studio.lnk . (.DvdVideoSoft Ltd. - FreeStudioManager.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe
O4 - Global Startup: C:\Users\norbert\Desktop\Découvrez Hotmail.url . (.DvdVideoSoft Ltd. - FreeStudioManager.) -- C:\Users\norbert\Desktop\Découvrez Hotmail.url
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Ordinateur - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Windows Live Messenger.lnk . (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
~ Global Startup: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1 192.168.254.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{76AEE4B6-CE8A-4502-B384-C4FA202CC3F0}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7A8CFA46-941E-4A86-B854-662A58F662B6}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C0BBE1D5-A962-4AFF-AB5D-43D1581FA1E0}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F5057DC6-312A-441B-BFAD-07716B5B1BD1}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
~ Key Software: 157 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/01/2011 - 08:48:12 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 10/01/2011 - 08:46:14 - [0,023] ----D C:\ProgramData\IncrediMail
O43 - CFD: 17/10/2012 - 20:33:09 - [0,099] ----D C:\Users\norbert\AppData\Roaming\Shareaza
O43 - CFD: 11/01/2011 - 19:15:26 - [54,117] ----D C:\Users\norbert\AppData\Local\IM
O43 - CFD: 08/01/2012 - 11:22:17 - [0] ----D C:\Users\norbert\AppData\Local\Shareaza
~ 278 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 463 Legitimates Filtered in 00mn 26s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.33355434198F2C09A40A27D1E0A717AF] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfc0404.dat [116342]
O44 - LFC:[MD5.4B8CB56C10F0FBB4EE21CF734345BDA4] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfc0816.dat [144906]
O44 - LFC:[MD5.215AE10010A60A5E072B54AC49425AA7] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfh0404.dat [395034]
O44 - LFC:[MD5.BB130E734F7B549518717516627F62DF] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfh0816.dat [700386]
O44 - LFC:[MD5.33355434198F2C09A40A27D1E0A717AF] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfc0404.dat [116342]
O44 - LFC:[MD5.4B8CB56C10F0FBB4EE21CF734345BDA4] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfc0816.dat [144906]
O44 - LFC:[MD5.215AE10010A60A5E072B54AC49425AA7] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfh0404.dat [395034]
O44 - LFC:[MD5.BB130E734F7B549518717516627F62DF] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfh0816.dat [700386]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/06/2013 - 13:22:04 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.16EDC8540B951620E64DC656CA954381] - 17/06/2013 - 13:22:04 ---A- . (...) -- C:\Windows\diagwrn.xml [2622]
O44 - LFC:[MD5.07B9A02E29D6A41B051876030B61B205] - 13/06/2013 - 13:43:21 ---A- . (...) -- C:\Windows\ntbtlog.txt [395742]
O44 - LFC:[MD5.503F58A2054453521E92E876EB50A0E2] - 11/06/2013 - 16:05:39 ---A- . (...) -- C:\WinUpdateFix.txt [1286]
O44 - LFC:[MD5.B200508C361F341A25935816294330FC] - 07/06/2013 - 14:09:52 ---A- . (...) -- C:\Windows\IE9_main.log [15192]
~ Files: 59 Legitimates Filtered in 00mn 24s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\AmIcoSinglun64 [Key] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O53 - SMSR:HKLM\...\startupreg\Hiyo [Key] . (...) -- C:\Program Files (x86)\HiYo\bin\HiYo.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Magentic [Key] . (...) -- C:\Program Files (x86)\Magentic\bin\Magentic.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Setwallpaper [Key] . (...) -- c:\programdata\SetWallpaper.cmd (.not file.)
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {4399BB5B-4A79-4CEE-ABC0-7A0483AC0223} [DefaultScope] - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {FD1D6973-B94F-47E2-971E-FC8C56677C7F} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.718D8BD731B457E7A387AD66A4601F61] [SPRF][18/06/2013] (...) -- C:\Users\norbert\AppData\Local\Temp\ICReinstall_7z920.exe [605576]
[MD5.8377FA7E5AFE48D93BD646446EFD22D8] [SPRF][12/01/2011] (.Pas de propriétaire - Photo Notifier and Animation Creator Installer.) -- C:\Users\norbert\Desktop\pnac_install.exe [444240]
~ Files: Scanned in 00mn 04s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{A073D531-AB2F-409E-9567-0BFA06E46020}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{17E037BA-8D04-4570-98D1-8F37FB2BE025}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{A740BEFF-791F-452C-BA9D-86DA44B1C59F}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{2323AEF7-1FE0-46B8-B32F-FC0D2D2CE665}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{528D0B95-A7B1-4D0B-BC1D-C05F73668F0D}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{82A744E5-95E5-479C-AC41-B8F586A809AC}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{E0E22E96-C223-4E1C-82E6-60B27C6C3978}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "{99C8B23E-E748-4A63-9108-86BEEFC2C2DF}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.)
O87 - FAEL: "TCP Query User{F8BB361F-432D-4F12-A4CE-1513EAB0AC66}C:\program files (x86)\shareaza\shareaza.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 - FAEL: "UDP Query User{75E4D1B4-B752-4146-B8EE-3713DD4213B7}C:\program files (x86)\shareaza\shareaza.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 - FAEL: "{B2DCC7D5-89A4-4CCB-A1C1-469C48C0A9E2}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{F3C4345A-6B38-41C6-87E7-BF4B0EEF3C80}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.)
O87 - FAEL: "{3427553A-B43C-4C1A-B616-4C39FD191160}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
O87 - FAEL: "{5C7B35FB-2789-4276-8E88-5D60483CC463}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.)
~ Firewall: 203 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
~ Additionnel Scan: 251471 Items scanned in 00mn 32s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 21/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 08/12/2009 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 11/12/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 17/08/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 18/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



~ 1392 Legitimates filtered by white list
End of the scan (417 lines in 02mn 13s)(0)

