~ Rapport de ZHPDiag v2013.9.11.193 - Nicolas Coolman (11/09/2013)
~ Lancé par Manzai (11/09/2013 21:30:06)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 23.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 9WXVT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v8.0.1497.0
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
FrostWire 5.6.3 v5.6.3.5

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3911 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 365 GB (81%) free of 446 GB

---\\ Mode de connexion au système
~ Computer Name: MANZAI
~ User Name: Manzai
~ All Users Names: Manzai, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Manzai\AppData\Roaming\
~ %Desktop% : C:\Users\Manzai\Desktop\
~ %Favorites% : C:\Users\Manzai\Favorites\
~ %LocalAppData% : C:\Users\Manzai\AppData\Local\
~ %StartMenu% : C:\Users\Manzai\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 365 Go of 446 Go)
D:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/49
~ Mes musiques (My Musics) : 1/22
~ Mes Videos (My Videos) : 2/1440
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/160
~ Mon Bureau (My Desktop) : 2/13
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.0EFF23C3D910380746D4F56BA5C746C4] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1192784] [PID.4048]
[MD5.E659E38D2D51DF5817C91D7386920C7E] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [995856] [PID.2388]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4696]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4784]
[MD5.6582A15F11F722FEBE603004A73CBD77] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184] [PID.7564]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.10096]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2848]
[MD5.18F20138A715E0677A24A0986BC9AEA2] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.7828]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.4592]
[MD5.475950AA624AD3813490BC01864184CC] - (.http://www.dreamule.org - Dreamule.) -- C:\Program Files (x86)\DreaMule\emule.exe [6696960] [PID.8376]
[MD5.0CED501E811F5C4745415FCC000CE043] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.9116]
[MD5.28E623E4595B41896BAAE560CABDBF2A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7935488] [PID.7700]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 10030



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Camtasia Studio 8.lnk . (.TechSmith Corporation - Camtasia Studio.) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\Desktop [Public]: Deluge.lnk . (...) -- C:\Program Files (x86)\Deluge\deluge.exe
O4 - GS\Desktop [Public]: FarCry 3.lnk . (.Ubisoft Entertainment - Far Cry 3.) -- C:\Program Files (x86)\FarCry 3\bin\farcry3.exe
O4 - GS\Desktop [Public]: Livestream Procaster.lnk . (...) -- C:\Program Files (x86)\Livestream Procaster\Procaster.exe
O4 - GS\Desktop [Public]: LogMeIn Hamachi.lnk . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\Program [Public]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
O4 - GS\QuickLaunch [Manzai]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Manzai]: Droppix Recorder.lnk . (.Droppix - Droppix Recorder.) -- C:\Program Files (x86)\Droppix\Droppix Recorder 2\Droppix Recorder\DxRecord.exe
O4 - GS\QuickLaunch [Manzai]: FrostWire 5.6.3.lnk . (.FrostWire - FrostWire Launcher.) -- C:\Program Files (x86)\FrostWire 5\FrostWire.exe
O4 - GS\QuickLaunch [Manzai]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Manzai]: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\TaskBar [Manzai]: Task Manager.lnk . (.Microsoft Corporation - Gestionnaire des tâches.) -- C:\Windows\system32\taskmgr.exe
O4 - GS\Program [Manzai]: Songr.lnk . (.Xamasoft - Songr.) -- C:\Users\Manzai\AppData\Local\Songr\Songr.exe
O4 - GS\Desktop [Manzai]: DreaMule.lnk . (.http://www.dreamule.org - Dreamule.) -- C:\Program Files (x86)\DreaMule\emule.exe
O4 - GS\Desktop [Manzai]: FrostWire 5.6.3.lnk . (.FrostWire - FrostWire Launcher.) -- C:\Program Files (x86)\FrostWire 5\FrostWire.exe
O4 - GS\Desktop [Manzai]: Nero Express.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E10AAE4A-98B8-420A-BD93-E0520C23D624}\NeroExpress.exe_81A8FD91A6494AD5B4998149EAAC7E7C.exe
O4 - GS\Desktop [Manzai]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) -- C:\Users\Manzai\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe
O4 - GS\Desktop [Manzai]: Wondershare Streaming Audio Recorder.lnk . (.WonderShare Software Co.,Ltd. - Wondershare Streaming Audio Recorder.) -- C:\Program Files (x86)\Wondershare\Streaming Audio Recorder\StreamingAudioRecorder.exe
~ Global Startup: 41 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)
O4 - HKLM\..\RunOnce: [ThreatdictionRemov] C:\Users\Manzai\Desktop\Threatdiction AntiVirus Beta\Threatdiction.exe (.not file.)
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] . (.Disc Soft Ltd - DAEMON Tools Ultra Agent.) -- C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [RadioController] . (.Dritek System Inc. - RF Button Helper.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswAhAScr.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswasOutExt.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswasOutExt64.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Agent de l'application Wallet] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-761035849-3168717432-3512893582-1001\..\Run: [DAEMON Tools Ultra Agent] . (.Disc Soft Ltd - DAEMON Tools Ultra Agent.) -- C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF5C19B-90B0-4663-B719-2E0C34E76340}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1EBCD0-F775-45D5-A685-7720C9F3A8D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FF5C19B-90B0-4663-B719-2E0C34E76340}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1EBCD0-F775-45D5-A685-7720C9F3A8D7}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe
O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 14 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Record Expert 2.0 - (.Guangming Software, Inc..) [HKLM][64Bits] -- Audio Record Expert_is1
O42 - Logiciel: Cyberfox Web Browser - (.8pecxstudios.) [HKLM][64Bits] -- {5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1
O42 - Logiciel: Droppix Recorder 2 - (.Droppix.) [HKLM][64Bits] -- DxStd2_is1
O42 - Logiciel: oggcodecs - (.illiminable.) [HKLM][64Bits] -- {D65F0073-A820-4085-B997-A061171595A7}
~ Logic: 96 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Shareaza]
[HKCU\Software\SimpleCast]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DCoder]
[HKLM\Software\Wow6432Node\Droppix]
~ Key Software: 198 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/09/2013 - 12:06:03 - [4,796] ----D C:\Program Files (x86)\Audio Record Expert
O43 - CFD: 07/09/2013 - 00:32:23 - [25,109] ----D C:\Program Files (x86)\DreaMule
O43 - CFD: 21/08/2013 - 20:19:43 - [26,009] ----D C:\Program Files (x86)\Droppix
O43 - CFD: 03/09/2013 - 11:37:14 - [-162,800] ----D C:\Program Files (x86)\FarCry 3
O43 - CFD: 11/03/2013 - 04:53:27 - [0,407] ----D C:\Program Files (x86)\RadioController
O43 - CFD: 01/09/2013 - 12:32:08 - [0] ----D C:\Program Files (x86)\SpacialAudio
O43 - CFD: 21/08/2013 - 20:19:59 - [5,209] ----D C:\Program Files (x86)\Common Files\Droppix
O43 - CFD: 11/03/2013 - 05:13:55 - [0,040] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 21/08/2013 - 20:31:07 - [0,539] ----D C:\ProgramData\Droppix
O43 - CFD: 21/08/2013 - 20:19:58 - [0] ----D C:\Users\Manzai\AppData\Roaming\Droppix
O43 - CFD: 21/08/2013 - 15:01:07 - [0,014] ----D C:\Users\Manzai\AppData\Roaming\lm
O43 - CFD: 02/09/2013 - 01:37:50 - [0,001] ----D C:\Users\Manzai\AppData\Local\Seven_Alien_Technologies_
O43 - CFD: 01/09/2013 - 12:32:06 - [0,000] ----D C:\Users\Manzai\AppData\Local\SpacialAudio
O43 - CFD: 21/08/2013 - 20:20:01 - [0,010] ----D C:\Users\Manzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droppix Recorder 2
~ Program Folder: 179 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.ADD2FE1A9F4EE41A6D724819550D4E1F] - 08/09/2013 - 11:09:32 RSHAD . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\VirtualAudio.sys [31080]
O44 - LFC:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 04/09/2013 - 00:50:48 RSHAD . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
~ Files: 37 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.0D91BF1D78C6804950536A2BE4924485] - 01/09/2013 - 11:28:36 ---A- - C:\Windows\Prefetch\MIPONY-INSTALLER.EXE-BA55DCB1.pf
O45 - LFCP:[MD5.C29F7A4766DFAFC1DE19AA73A9AADDC7] - 01/09/2013 - 11:31:52 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-5ACB3EEC.pf
O45 - LFCP:[MD5.F1C158D0FC2F5C37BC1D6EACA58F1B19] - 01/09/2013 - 11:32:03 ---A- - C:\Windows\Prefetch\SAMCAST.EXE-69954932.pf
O45 - LFCP:[MD5.496E8E005CE0A83130D9392248F73321] - 02/09/2013 - 01:16:32 ---A- - C:\Windows\Prefetch\THREATDICTION.TMP-8AB800F5.pf
O45 - LFCP:[MD5.390B78D83BAAF4FD81A37B61D9363F33] - 02/09/2013 - 01:16:47 ---A- - C:\Windows\Prefetch\THREATDICTION.TMP-2A373C99.pf
O45 - LFCP:[MD5.0643D645A5B54C26869B2D4C296AFB97] - 02/09/2013 - 01:16:48 ---A- - C:\Windows\Prefetch\THREATDICTION.TMP-BCC0BBFF.pf
O45 - LFCP:[MD5.59E8E782126208666407B811813FD96C] - 04/09/2013 - 00:50:46 ---A- - C:\Windows\Prefetch\CGWEBINSTALL-EN.TMP-5E857009.pf
O45 - LFCP:[MD5.50A7BDEC5D3334D4410B65CF9EDFCDD5] - 04/09/2013 - 00:50:53 ---A- - C:\Windows\Prefetch\SERVICERESTARTER.EXE-D42CB20F.pf
O45 - LFCP:[MD5.3366772E7BF5FFA35C4D11DB4E561F1B] - 04/09/2013 - 11:02:51 ---A- - C:\Windows\Prefetch\DTULTRA.EXE-0F5EF714.pf
O45 - LFCP:[MD5.D41374E5DE858408015E73E33523560A] - 04/09/2013 - 23:11:33 ---A- - C:\Windows\Prefetch\NERO-BROM-EXPRESS-11.2.00900.-9DE4D84C.pf
O45 - LFCP:[MD5.22DD6435E8986935A3093C0822E80139] - 05/09/2013 - 00:00:10 ---A- - C:\Windows\Prefetch\NEROAUDIORIP.EXE-390FECD8.pf
O45 - LFCP:[MD5.A5E072EC5124BC47F2C825141CE8991A] - 06/09/2013 - 23:28:55 ---A- - C:\Windows\Prefetch\EMULE.EXE-ED97D1FF.pf
O45 - LFCP:[MD5.459C06C7EAE87DE7745EF1F132C05ED1] - 06/09/2013 - 23:32:06 ---A- - C:\Windows\Prefetch\DREAMULE.TMP-54BA13DC.pf
O45 - LFCP:[MD5.AD581C516C73EE3C182390A9DCA52D5C] - 06/09/2013 - 23:32:06 ---A- - C:\Windows\Prefetch\DREAMULE.TMP-64FCE5F6.pf
O45 - LFCP:[MD5.CCA068D792128B2BB56C3A075969751A] - 06/09/2013 - 23:32:17 ---A- - C:\Windows\Prefetch\DREAMULE.TMP-30C3D3A6.pf
O45 - LFCP:[MD5.A14B1AE838136898A29E96FBBEF967BF] - 06/09/2013 - 23:32:20 ---A- - C:\Windows\Prefetch\DREAMULE.TMP-561440BA.pf
O45 - LFCP:[MD5.5E0F2FFAD343A4F8D782253E732EE977] - 08/09/2013 - 11:02:17 ---A- - C:\Windows\Prefetch\SOUNDRECORDER.EXE-3D878C35.pf
O45 - LFCP:[MD5.A50B1799E52DF89379C2329930D24763] - 08/09/2013 - 11:06:16 ---A- - C:\Windows\Prefetch\EASYREC.EXE-C8B8D6AC.pf
O45 - LFCP:[MD5.B6849E4E05EACCCB0F338DB870342772] - 08/09/2013 - 11:09:22 ---A- - C:\Windows\Prefetch\STREAMING-AUDIO-RECORDER_FULL-196E9008.pf
O45 - LFCP:[MD5.8EA8F560883A4335B5C5DB0A25A17ECB] - 08/09/2013 - 11:09:51 ---A- - C:\Windows\Prefetch\WONDERSHARE HELPER COMPACT.TM-93EE462A.pf
O45 - LFCP:[MD5.57548FE81FDB2339E60EAB7E0D781F0F] - 08/09/2013 - 11:21:53 ---A- - C:\Windows\Prefetch\VIDEOHELP.EXE-86C808B3.pf
O45 - LFCP:[MD5.A53101702CBE0B8BC5C67A78263C57B5] - 08/09/2013 - 21:19:57 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.0CEF3A81FDD4AE76344982B944AA8DD0] - 09/09/2013 - 01:30:42 ---A- - C:\Windows\Prefetch\STREAMINGAUDIORECORDER.EXE-47616DE5.pf
O45 - LFCP:[MD5.0EB806D93AD781810C7A19E9F5655025] - 09/09/2013 - 03:07:42 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.8E1F941CE099012F9B13FB733D6EBE1D] - 09/09/2013 - 17:43:03 ---A- - C:\Windows\Prefetch\CYBERGHOST.EXE-3394D6F8.pf
O45 - LFCP:[MD5.90A75DA12BAC1C33F9AD0ABD47A6626E] - 09/09/2013 - 17:43:26 ---A- - C:\Windows\Prefetch\SONGR.EXE-503689FF.pf
O45 - LFCP:[MD5.5892BC1635FCC7F76EF30481CBC12EEC] - 10/09/2013 - 11:33:19 ---A- - C:\Windows\Prefetch\FROSTWIRE.EXE-819A253E.pf
O45 - LFCP:[MD5.676BAFAA43FC264B257350CE790B948D] - 10/09/2013 - 11:37:28 ---A- - C:\Windows\Prefetch\DELUGE.EXE-A9F989AF.pf
O45 - LFCP:[MD5.2A747F956A2D992B776F28571B769E56] - 11/09/2013 - 13:58:43 ---A- - C:\Windows\Prefetch\CAMRECORDER.EXE-68808D36.pf
O45 - LFCP:[MD5.B24FC033D7D56FC3E5FF90A8F15B74B4] - 11/09/2013 - 14:17:08 ---A- - C:\Windows\Prefetch\CAMTASIASTUDIO.EXE-0DA37BE2.pf
O45 - LFCP:[MD5.277525F1A1517E644F18A5961D76F8E5] - 11/09/2013 - 15:20:18 ---A- - C:\Windows\Prefetch\EMULE.EXE-AD458136.pf
O45 - LFCP:[MD5.7F39190D858680ACC2F2429F2CA1ABCD] - 21/08/2013 - 16:17:37 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.49466C29515922F0E4BDDD6BD85D0328] - 21/08/2013 - 19:41:19 ---A- - C:\Windows\Prefetch\DXRECORD.EXE-5950018A.pf
O45 - LFCP:[MD5.F5F0ECC88307EBD3F22862D4417A1F0C] - 22/08/2013 - 18:42:24 ---A- - C:\Windows\Prefetch\BDWIZREG.EXE-A38CB0DA.pf
O45 - LFCP:[MD5.4761D08B270F9BA61D1CC04343DBE3AA] - 23/08/2013 - 18:16:19 ---A- - C:\Windows\Prefetch\MITM_INSTALL_TOOL.EXE-FCA38546.pf
O45 - LFCP:[MD5.B57B6CC873FF51CC2CEA6DBCCD4105EF] - 24/08/2013 - 07:01:42 ---A- - C:\Windows\Prefetch\LILI USB CREATOR.EXE-2BE29F61.pf
O45 - LFCP:[MD5.18EF07BD3521352248E609ED75F2C5E3] - 27/08/2013 - 16:02:58 ---A- - C:\Windows\Prefetch\BAT_TO_EXE_CONVERTER.EXE-BFE5B96A.pf
O45 - LFCP:[MD5.1FD41785E758228AC5F6FC2FF2E90501] - 28/08/2013 - 09:09:15 ---A- - C:\Windows\Prefetch\WATERFOX.EXE-09810240.pf
O45 - LFCP:[MD5.7D3319483258C5A7AB1ED030FDEFACD4] - 28/08/2013 - 12:06:28 ---A- - C:\Windows\Prefetch\CYBERFOX.EXE-1D29E004.pf
O45 - LFCP:[MD5.F025EC993B730D3E41C7682309F52321] - 28/08/2013 - 12:08:28 ---A- - C:\Windows\Prefetch\CYBERFOX.EXE-87FC3E21.pf
O45 - LFCP:[MD5.B93C22C8B6B8A815219F56DDEDAD57C5] - 28/08/2013 - 22:30:44 ---A- - C:\Windows\Prefetch\RADIONOMY_ALLMYAPPS.EXE-A3BC8C9A.pf
O45 - LFCP:[MD5.749604D5FC445865F346A23FC781F6A3] - 28/08/2013 - 22:47:54 ---A- - C:\Windows\Prefetch\MY RADIOMATISME.EXE-C6A5E122.pf
O45 - LFCP:[MD5.882DFF698A859BF542F922639F118045] - 28/08/2013 - 23:00:19 ---A- - C:\Windows\Prefetch\WMENC.EXE-819C9BCE.pf
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/04/2146 - 14:02:21 - C:\Windows\Prefetch\ReadyBoot
O45 - LFCP:[MD5.32B642F3A1C38AC7AB3DB0A28B204AF6] - 30/08/2013 - 00:39:06 ---A- - C:\Windows\Prefetch\FROSTWIRE-5.6.3.WINDOWS.EXE-17314937.pf
O45 - LFCP:[MD5.FCF32C309B1D17C71E51907BA4D9FD81] - 30/08/2013 - 00:39:31 ---A- - C:\Windows\Prefetch\PIPINSTALLERBUNDLE_FWV5_.EXE-D076711C.pf
O45 - LFCP:[MD5.AC07799776FEDC71054EC1A2A64C29B4] - 31/08/2013 - 00:21:13 ---A- - C:\Windows\Prefetch\CDRUN.EXE-25FD9772.pf
O45 - LFCP:[MD5.9EE50234AEEC040ADD0260BAE863B9A6] - 31/08/2013 - 20:05:33 ---A- - C:\Windows\Prefetch\PROCASTER.EXE-A597EF25.pf
~ Prefetcher: 228 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{a58755dc-0a91-11e3-be70-20898465ee14}\AutoRun\command. (...) -- E:\OriginInstaller.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 08/09/2013 - 10:35:22 ---A- . (...) -- C:\Users\Manzai\Videos\Pourquoi ne peut-on pas commenter les tests - Règles, bugs, idées, l'organisation du site )_( - InfoMars.fr.htm [121042]
O61 - LFC: 08/09/2013 - 19:18:12 ---A- . (...) -- C:\Users\Manzai\Documents\VM\WTF is this executable.rar [188056]
O61 - LFC: 08/09/2013 - 21:49:40 ---A- . (...) -- C:\Users\Manzai\Downloads\adMurdererAlternatif24Aout2013R1.zip [60259]
O61 - LFC: 10/09/2013 - 11:33:17 ---A- . (...) -- C:\Users\Manzai\.frostwire5\dbs\crawldb.1\crawldb.lock.db [104]
O61 - LFC: 10/09/2013 - 11:33:21 ---A- . (...) -- C:\Users\Manzai\.frostwire5\library_db\library_db.lock.db [104]
O61 - LFC: 10/09/2013 - 11:33:37 ---A- . (...) -- C:\Users\Manzai\.frostwire5\dbs\sharefiles.1\sharefiles.lock.db [104]
O61 - LFC: 10/09/2013 - 11:33:39 ---A- . (...) -- C:\Users\Manzai\.frostwire5\installer.dat [129]
O61 - LFC: 10/09/2013 - 11:33:39 ---A- . (.FrostWire Team.) -- C:\Users\Manzai\.frostwire5\updates\frostwire-5.6.4.windows.exe [18935664]
O61 - LFC: 10/09/2013 - 11:34:49 ---A- . (...) -- C:\Users\Manzai\.frostwire5\appwork\cfg\subconf_LOCALE.ejs [48]
O61 - LFC: 10/09/2013 - 11:34:49 ---A- . (...) -- C:\Users\Manzai\.frostwire5\appwork\cfg\subconf_youtube.com.ejs [48]
O61 - LFC: 10/09/2013 - 11:34:49 ---A- . (...) -- C:\Users\Manzai\.frostwire5\appwork\tmp\crawler.ejs [688]
O61 - LFC: 10/09/2013 - 11:34:49 ---A- . (...) -- C:\Users\Manzai\.frostwire5\appwork\tmp\hosts.json [1578]
O61 - LFC: 10/09/2013 - 11:35:02 ---A- . (...) -- C:\Users\Manzai\Documents\FrostWire\Torrents\Kamasutra Les secrets du sexe.mp4.torrent [13907]
O61 - LFC: 10/09/2013 - 11:35:08 ---A- . (...) -- C:\Users\Manzai\Documents\FrostWire\Torrents\Sexe.Beurettes.In.The.Cite.FRENCH.XXX.DVDRiP.XViD-PORNOCHiC.torrent [14943]
O61 - LFC: 10/09/2013 - 11:35:50 ---A- . (...) -- C:\Users\Manzai\.frostwire5\frostwire.props [1125]
O61 - LFC: 10/09/2013 - 11:35:50 ---A- . (...) -- C:\Users\Manzai\.frostwire5\installation.props [295]
O61 - LFC: 10/09/2013 - 11:35:50 ---A- . (...) -- C:\Users\Manzai\.frostwire5\questions.props [91]
O61 - LFC: 10/09/2013 - 11:35:50 ---A- . (...) -- C:\Users\Manzai\.frostwire5\tables.props [88]
O61 - LFC: 10/09/2013 - 11:36:01 ---A- . (...) -- C:\Users\Manzai\.frostwire5\dbs\crawldb.1\crawldb.h2.db [19388416]
O61 - LFC: 10/09/2013 - 11:36:01 ---A- . (...) -- C:\Users\Manzai\.frostwire5\dbs\sharefiles.1\sharefiles.h2.db [1089536]
O61 - LFC: 10/09/2013 - 11:36:01 ---A- . (...) -- C:\Users\Manzai\.frostwire5\library_db\library_db.h2.db [1327104]
O61 - LFC: 10/09/2013 - 11:37:21 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\ipc\deluge-gtk [5]
O61 - LFC: 10/09/2013 - 11:37:32 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\icons\thepiratebay.org.ico [824]
O61 - LFC: 10/09/2013 - 11:38:45 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\gtkui.conf~ [1740]
O61 - LFC: 10/09/2013 - 11:38:52 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\gtkui.conf [1740]
O61 - LFC: 10/09/2013 - 11:38:55 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\state\dd33b08266c2f5dfe1bb5db6a628975bf66b4a9f.torrent [13191]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Local\recently-used.xbel [1283]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\dht.state [2563]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\files_tab.state [232]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\peers_tab.state [296]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\session.state [5802]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\state\torrents.fastresume [96291]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\state\torrents.state [2983]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\tabs.state [109]
O61 - LFC: 10/09/2013 - 12:09:44 ---A- . (...) -- C:\Users\Manzai\AppData\Roaming\deluge\torrentview.state [2566]
O61 - LFC: 10/09/2013 - 20:23:14 -SHA- . (...) -- C:\Users\Manzai\Downloads\Thumbs.db [9216]
O61 - LFC: 11/09/2013 - 11:38:21 ---A- . (...) -- C:\Users\Manzai\Documents\VM\Antivirus_Free_Edition_x86.zip [9082796]
O61 - LFC: 11/09/2013 - 14:05:15 ---A- . (...) -- C:\Users\Manzai\Documents\VM\url.txt [480]
O61 - LFC: 11/09/2013 - 19:26:09 ---A- . (...) -- C:\Users\Manzai\Documents\VM\0709.7z [283770]
~ 18 Fichiers temporaires (Temporary files)
~ Files: 271 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Manzai - r5mxbbkd.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.71E91FBB2F2FEE8638B5832EC8CC1590] [SPRF][21/08/2013] (...) -- C:\ProgramData\1377105773.bdinstall.bin [529344]
[MD5.6FE38BB7342692F12A33DDEA72334603] [SPRF][23/08/2013] (...) -- C:\ProgramData\1377278151.bdinstall.bin [235530]
[MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][01/09/2013] (...) -- C:\Users\Manzai\AppData\Local\Temp\bitool.dll [38480]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/08/2013] (...) -- C:\Users\Manzai\AppData\Local\Temp\{FF27A1A2-3DDD-470A-B354-6CC0BBEEA011}.bat [0]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{96C2283B-8374-437E-97F5-5050E9B84A97}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe (.not file.)
O87 - FAEL: "{54EF1D26-1E67-4317-862F-5309CF19152C}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (.not file.)
O87 - FAEL: "{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe (.not file.)
O87 - FAEL: "{EBF92FEE-2176-467C-85EC-124426A59397}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "{1722FECA-FF02-483A-9BFD-D2E20DDD71CB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "TCP Query User{E2C1322B-00A5-4688-937F-CD06B855A974}C:\program files (x86)\deluge\deluge.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "UDP Query User{C723D1C5-6FBC-46FC-BCBD-B78688964713}C:\program files (x86)\deluge\deluge.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "TCP Query User{ED2FC78C-8474-4828-851C-68BBF65DD5F9}C:\program files (x86)\deluge\deluge.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "UDP Query User{9625BC31-F8A8-4947-978A-F58635692053}C:\program files (x86)\deluge\deluge.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "{262EA9EC-D82C-4ADC-82E3-6001674F06B6}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe (.not file.)
O87 - FAEL: "TCP Query User{8D9563AE-2C4B-4A5B-A3EF-38E49215E584}C:\program files (x86)\dreamule\emule.exe" | In - Public - P6 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
O87 - FAEL: "UDP Query User{CAEC88BF-F4E8-4843-8B2A-074C172CD882}C:\program files (x86)\dreamule\emule.exe" | In - Public - P17 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
~ Firewall: 281 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.2AE0FCE620FC5A536649FA42D5A14345] [WIS][09/11/2005] (.Zentaro Kavanagh - Directshow Codecs for Speex, Vorbis, Theora and Flac..) -- C:\Windows\Installer\128b3f1.msi [1028096]
~ WIS: 39 Legitimates Filtered in 00mn 03s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 09/05/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 20/08/2012 176640 | (BrcmCardReader) . (.Broadcom Corp..) - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SS - | Demand 23/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 16/11/2012 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Demand 25/06/2013 632352 | (Disc Soft Bus Service) . (.Disc Soft Ltd.) - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
SS - | Demand 22/11/2007 147456 | (Droppix Service) . (.Droppix.) - C:\Program Files (x86)\Common Files\Droppix\DxService.exe
SR - | Auto 10/12/2012 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 23/10/2012 658064 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SR - | Auto 20/11/2012 100752 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe
SS - | Demand 11/03/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/06/2013 2470736 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (...) - C:\Program Files (x86)\mcafee\SITEAD~1\mcsacore.exe
SS - | Auto 10/07/1658 0 | (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 21/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/03/2013 96880 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 07/08/2013 4308320 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/11/2012 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Manzai at 11/09/2013 21:31:16
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Manzai at 11/09/2013 21:31:18

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 12902 - (11/09/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}] =>PUP.iMesh
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 188231 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ MSI: 2 link(s) detected in 00mn 21s



~ 1463 Legitimates filtered by white list
End of the scan (540 lines in 01mn 33s)(0)
