~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Jean Javques (31/01/2014 22:33:06)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16750
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Panda Cloud Cleaner v1.0.40
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.08 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3980 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 399 GB (87%) free of 458 GB

---\\ Mode de connexion au système
~ Computer Name: VAUDE-PC
~ User Name: Jean Javques
~ All Users Names: yveline, Jean Javques, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jean Javques\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jean Javques\AppData\Roaming\
~ %Desktop% : C:\Users\Jean Javques\Desktop\
~ %Favorites% : C:\Users\Jean Javques\Favorites\
~ %LocalAppData% : C:\Users\Jean Javques\AppData\Local\
~ %StartMenu% : C:\Users\Jean Javques\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 399 Go of 458 Go)
D: Hard drive, Flash drive, Thumb drive (Free 457 Go of 458 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/101
~ Mes musiques (My Musics) : 3/9
~ Mes Videos (My Videos) : 2/12
~ Mes Favoris (My Favorites) : 1/60
~ Mes Documents (My Documents) : 1/501
~ Mon Bureau (My Desktop) : 2/3315
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.198B8C260AA185881415E2128E262497] - (.Panda Security - Internet resident proxy.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2013\WebProxy.exe [108032] [PID.1696]
[MD5.280B64F6BFCEDE6D67D261EB808AA617] - (.Acer Incorporated - Hotkey Utility.) -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [524944] [PID.2260]
[MD5.0049D80BAB72557E9DD09C223FD71E58] - (...) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176] [PID.6004]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.5496]
[MD5.C65B7FA0CF8E53E1D5D1697D0CA08ACB] - (.ITE Tech. Inc. - ITECIR Filter Application for RCMM Protocol.) -- C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [604304] [PID.3908]
[MD5.F9413654DBA2F81CA2FDC827C41BDF6E] - (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\ApVxdWin.exe [1038192] [PID.5264]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3416]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5328]
[MD5.FB1A303207C1124C2B61A50E5A32AC21] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.6288]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.6704]
[MD5.F9DFC08677FC9AC81DD5ACA5EE879E47] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.6668]
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.5588]
[MD5.51DFD7030E0F3DC588DBD5F298B167C1] - (.PointGrab LTD - PointGrab Hand Gesture Control.) -- C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGPanel.exe [7884072] [PID.6512]
[MD5.7AE4D6C70C2D7912AB2B4651DF595575] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [990320] [PID.6728]
[MD5.74D1E004483998E076FBBC0DE9B59763] - (.Panda Security, S.L. - PavBckPT Aplicación.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PavBckPT.exe [112128] [PID.6476]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.5764]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.7508]
[MD5.09C30C42E193AC396C094792BC1071AD] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe [3043328] [PID.6804]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jean Javques\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 28 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Hand Gesture Control.lnk . (.PointGrab LTD - PointGrab Hand Gesture Control.) -- C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGPanel.exe
O4 - GS\Desktop [Public]: Hand Gesture Tutorial.lnk . (.Flexera Software LLC - InstallShield.) -- C:\windows\Installer\{92586A21-3E08-4055-B413-8ACCAAB50A42}\_Built1_6C85496067AB4E2C951FAC4F4B617EE2.exe
O4 - GS\Desktop [Public]: Installer l’accès à distance.lnk . (...) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Tools\RemoteAccess\BADriveWebSetup.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: Panda Cloud Cleaner.lnk . (...) -- C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PAsCleaner.exe
O4 - GS\Desktop [Public]: Panda Global Protection 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Iface.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Panda Global Protection 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\IFace.exe
O4 - GS\QuickLaunch [yveline]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [yveline]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [yveline]: Panda Global Protection 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Iface.exe
O4 - GS\TaskBar [yveline]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [yveline]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [yveline]: Continue Video Performer installation.lnk . (...) -- C:\Documents and Settings\Yveline\Local Settings\Temp\Video Performer63615.exe (.not file.) =>PUP.VideoPerformer
O4 - GS\Desktop [yveline]: Courrier électronique.lnk - Clé orpheline
O4 - GS\Desktop [yveline]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [yveline]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [yveline]: Internet.lnk - Clé orpheline
O4 - GS\Desktop [yveline]: Mes documents.lnk . (...) -- C:\Users\Jean Javques\Documents
O4 - GS\Desktop [yveline]: Raccourci vers Lecteur CD.lnk - Clé orpheline
O4 - GS\Desktop [yveline]: Raccourci vers Mont Dore Touristra 012.lnk . (...) -- C:\Users\Jean Javques\Desktop\Mes images\Mont Dore Touristra 012.jpg (.not file.)
O4 - GS\Desktop [yveline]: Video Performer.lnk . (...) -- C:\Program Files (x86)\VideoPerformer\VideoPerformer.exe (.not file.) =>PUP.VideoPerformer
O4 - GS\QuickLaunch [Jean Javques]: Google Chrome.lnk - Clé orpheline
O4 - GS\QuickLaunch [Jean Javques]: iLivid.lnk . (...) -- C:\Users\Jean Javques\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - GS\QuickLaunch [Jean Javques]: Launch Internet Explorer Browser.lnk - Clé orpheline
O4 - GS\QuickLaunch [Jean Javques]: Panda Global Protection 2013.lnk . (.Panda Security, S.L. - Panda Console.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Iface.exe
O4 - GS\TaskBar [Jean Javques]: Google Chrome.lnk - Clé orpheline
O4 - GS\Program [Jean Javques]: Bibliothèques (2).lnk . (...) -- C:\Users\Jean Javques\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\Program [Jean Javques]: Bibliothèques.lnk . (...) -- C:\Users\Jean Javques\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\Program [Jean Javques]: Internet Explorer.lnk - Clé orpheline
O4 - GS\Desktop [Jean Javques]: Continue Video Downloader Installation.lnk . (...) -- C:\Users\Jean Javques\AppData\Local\Temp\4416e10a-b5e8-487c-8460-537d297fff5d\setup (1).exe (.not file.)
O4 - GS\Desktop [Jean Javques]: Developpement Social Local - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Desktop\FORMATION JJV\Développement Social Local\Developpement Social Local.ppt
O4 - GS\Desktop [Jean Javques]: dsresource.lnk . (...) -- C:\Users\Jean Javques\Downloads\dsresource.pdf
O4 - GS\Desktop [Jean Javques]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Jean Javques]: Lien Social numero 565 PARTENARIAT LOUBAT - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Downloads\Lien Social numero 565 PARTENARIAT LOUBAT.htm
O4 - GS\Desktop [Jean Javques]: PARTENARIAT 2 - Raccourci (2).lnk . (...) -- C:\Users\Jean Javques\Desktop\FORMATION JJV\Partenariat\PARTENARIAT 2.ppt
O4 - GS\Desktop [Jean Javques]: PARTENARIAT 2 - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Desktop\FORMATION JJV\Partenariat\PARTENARIAT 2.ppt
O4 - GS\Desktop [Jean Javques]: POLITIQUE_DE_LA_VILLE - Copie (1) - Copie - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Documents\POLITIQUE_DE_LA_VILLE - Copie (1) - Copie.ppt
O4 - GS\Desktop [Jean Javques]: PROJETS TERRITORIAUX - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Desktop\FORMATION JJV\Territoire\PROJETS TERRITORIAUX.doc
O4 - GS\Desktop [Jean Javques]: Questionnaire_Atlas_territoirev2 - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Desktop\FORMATION JJV\Territoire\Questionnaire_Atlas_territoirev2.pdf
O4 - GS\Desktop [Jean Javques]: Raccourci vers Poste de travail.lnk - Clé orpheline
O4 - GS\Desktop [Jean Javques]: RAPPORT ALEXIS - Copie.lnk . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Desktop [Jean Javques]: RAPPORT ALEXIS.lnk . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Desktop [Jean Javques]: welschinger CAFDES PARTENARIAT ET FAMILLE - Raccourci.lnk . (...) -- C:\Users\Jean Javques\Downloads\welschinger CAFDES PARTENARIAT ET FAMILLE.pdf
~ Global Startup: 83 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Acer Remote.lnk . (.Acer - ArcServer.) -- C:\Program Files (x86)\Acer Remote\ArcServer.exe
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [THXCfg64] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\THXCfg64.dll
O4 - HKCU\..\Run: [Spotify Web Helper] . (...) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [CIRAP] . (.ITE Tech. Inc. - ITECIR Filter Application for RCMM Protocol.) -- C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
O4 - HKLM\..\Wow6432Node\Run: [THX Audio Control Panel] . (.Creative Technology Ltd - THXAudio.) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\Windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\APVXDWIN.exe
O4 - HKLM\..\Wow6432Node\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\Inicio.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-46766209-2143859517-1278411539-1001\..\Run: [Spotify Web Helper] . (...) -- C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Classic IE9 Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Clé orpheline
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{157ABCE1-3E41-4D5F-80F3-0719E8552F9B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{157ABCE1-3E41-4D5F-80F3-0719E8552F9B}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\Windows\System32\avldr64.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: PGService (PGService) . (.PointGrab LTD - PointGrab Hand Gesture Control.) - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
O23 - Service: PG_Service_Launcher (PG_Service_Launcher) . (.PointGrab LTD - PG Application.) - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PG_Service_Launcher.exe
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 20 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Digital Sites.job [330]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Nettoyage de base.job [550]
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Jean Javques\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.51DFD7030E0F3DC588DBD5F298B167C1] [APT] [PointGrab] (.PointGrab LTD.) -- C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGPanel.exe [7884072]
~ Scheduled Task: 48 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-4300-76A7-A758B70C0A00} =>Toolbar.Ask
O42 - Logiciel: fst_fr_35 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_35_is1 =>PUA.FSTfr9
~ Logic: 35 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APNDTX]
~ Key Software: 242 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/08/2013 - 08:38:56 - [0] ----D C:\ProgramData\OEM_YAHOO
O43 - CFD: 19/01/2014 - 23:40:55 - [0] ----D C:\Users\Jean Javques\AppData\Local\cougar-messenger
~ Program Folder: 155 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.706198D0924AC3B32B841196A5E4B031] - 24/01/2014 - 18:44:39 ---A- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.7B92B97228C4D7470E6897AE83E45968] - 28/01/2014 - 00:32:39 ---A- . (...) -- C:\DelFix.txt [1418]
O44 - LFC:[MD5.502AE2783CFE8C6AA45D3124159FBE3C] - 31/01/2014 - 22:15:24 ---A- . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT [373564]
O44 - LFC:[MD5.502AE2783CFE8C6AA45D3124159FBE3C] - 31/01/2014 - 22:15:24 ---A- . (...) -- C:\Windows\System32\Drivers\APPFCONT.DAT.bck [373564]
O44 - LFC:[MD5.6B9C1D8165B8300B63C46658D5AD6E64] - 31/01/2014 - 22:16:41 ---A- . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG [1132]
O44 - LFC:[MD5.6B9C1D8165B8300B63C46658D5AD6E64] - 31/01/2014 - 22:16:41 ---A- . (...) -- C:\Windows\System32\Drivers\APPFLTR.CFG.bck [1132]
~ Files: 24 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.616F452AF2C9D846C5017070078F2100] - 18/01/2014 - 00:26:42 ---A- - C:\Windows\Prefetch\PASCLEANER.EXE-6520ACD2.pf
O45 - LFCP:[MD5.2AA0AB215CBDBC3FC0172798933B3259] - 19/01/2014 - 23:40:32 ---A- - C:\Windows\Prefetch\COUGARMESSENGER.EXE-26094AF1.pf
O45 - LFCP:[MD5.CC1E2BA406F9C544E3D1121E8CBAE160] - 19/01/2014 - 23:40:55 ---A- - C:\Windows\Prefetch\MESSENGER-FULL-INSTALLER.EXE-84F0DDFF.pf
O45 - LFCP:[MD5.9F132D8BC3DA347D6913887C0F17CF26] - 20/01/2014 - 00:01:51 ---A- - C:\Windows\Prefetch\DOWNLOADMANAGER.EXE-8F7A5A8A.pf
O45 - LFCP:[MD5.C69BA207304BAD15BE682C0F2B0388F1] - 20/01/2014 - 21:43:26 ---A- - C:\Windows\Prefetch\ILIVIDSETUP-R362-N-BC.EXE-8E083884.pf =>Adware.Bandoo
O45 - LFCP:[MD5.AB581E9E80621ACA51775686B24D8AD9] - 20/01/2014 - 22:18:02 ---A- - C:\Windows\Prefetch\DOWNLOADMANAGER.EXE-AF083AE3.pf
O45 - LFCP:[MD5.0B18A7509B9F7BB4A91FA2C85FC1ECDC] - 20/01/2014 - 22:24:19 ---A- - C:\Windows\Prefetch\ILIVIDMEDIABAR.EXE-61AC5590.pf =>Adware.Bandoo
O45 - LFCP:[MD5.8E119000E716D98986DD7EF026EBB951] - 24/01/2014 - 07:35:49 ---A- - C:\Windows\Prefetch\DIVX PLAYER.EXE-5FEDDA7E.pf
O45 - LFCP:[MD5.BDCC7A545F87135807DA99CEB5AA93F9] - 24/01/2014 - 10:40:13 ---A- - C:\Windows\Prefetch\CLASSICIE9_32.EXE-0E9BE20B.pf
O45 - LFCP:[MD5.DF6842BA8D43B7B993A5FD59E47C417E] - 24/01/2014 - 10:43:38 ---A- - C:\Windows\Prefetch\SPOTIFY.EXE-C7B8724F.pf
O45 - LFCP:[MD5.F86421FAF14774ACC47035D8B5A3E9DB] - 24/01/2014 - 10:58:26 ---A- - C:\Windows\Prefetch\INS9025.EXE-F0A58405.pf
O45 - LFCP:[MD5.10426E51CFF59C62B61B6345AC939994] - 25/01/2014 - 15:11:58 ---A- - C:\Windows\Prefetch\OTL (1).EXE-12B82F97.pf
O45 - LFCP:[MD5.B18159368A1DA153CCF06D8FB7216591] - 29/01/2014 - 08:43:57 ---A- - C:\Windows\Prefetch\INS7152.EXE-03AAA612.pf
O45 - LFCP:[MD5.74B8CF4CBD05D88970B9DA037764B1B3] - 29/01/2014 - 08:45:01 ---A- - C:\Windows\Prefetch\INS7368.EXE-950E645C.pf
O45 - LFCP:[MD5.39E331035619358B232E787E84A6B25F] - 29/01/2014 - 18:02:51 ---A- - C:\Windows\Prefetch\32.0.1700.102_32.0.1700.76_CH-3B11559E.pf
O45 - LFCP:[MD5.4C8843110C25CD4CD30F6F61B52DAA94] - 30/01/2014 - 09:48:57 ---A- - C:\Windows\Prefetch\CIRAP.EXE-64FAB07B.pf
O45 - LFCP:[MD5.F1D8DEAFC7F34369F5A71AF336AE5BAA] - 30/01/2014 - 10:03:53 ---A- - C:\Windows\Prefetch\32.0.1700.102_CHROME_INSTALLE-B917545F.pf
O45 - LFCP:[MD5.60E353A98E5F9951A7C6E54EE4FA1F8B] - 31/01/2014 - 00:20:44 ---A- - C:\Windows\Prefetch\CLASSICSTARTMENU.EXE-B2535E93.pf
O45 - LFCP:[MD5.686C1961CCCBC48350E4C675836BC862] - 31/01/2014 - 10:59:03 ---A- - C:\Windows\Prefetch\PSHOST.EXE-34DCC7B4.pf
O45 - LFCP:[MD5.AEDD0870FD51D5D474504104F5F4F2E2] - 31/01/2014 - 10:59:03 ---A- - C:\Windows\Prefetch\PSIMSVC.EXE-28D2951E.pf
O45 - LFCP:[MD5.A816D53CA9F66BB0C845F473C8B341FB] - 31/01/2014 - 11:10:27 ---A- - C:\Windows\Prefetch\IFACE.EXE-631DCCC5.pf
O45 - LFCP:[MD5.392597E662202FBC6B66D3C7DB330A71] - 31/01/2014 - 11:53:14 ---A- - C:\Windows\Prefetch\PSIMREAL.EXE-B26D90FE.pf
O45 - LFCP:[MD5.3A159B576C5157D5C815535439AE1057] - 31/01/2014 - 20:56:23 ---A- - C:\Windows\Prefetch\UPDREG.EXE-A07E2F17.pf
O45 - LFCP:[MD5.F007DD956FE89C3129E39E24CF0D5B72] - 31/01/2014 - 21:02:04 ---A- - C:\Windows\Prefetch\APVXDWIN.EXE-7064F1C2.pf
O45 - LFCP:[MD5.E3FC407934ABFA7C68A0FE1930E06621] - 31/01/2014 - 21:06:52 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E80BAB6A34AB2D4C668A7210458604DC] - 31/01/2014 - 22:16:48 ---A- - C:\Windows\Prefetch\PAVBCKPT.EXE-C5FADC3C.pf
O45 - LFCP:[MD5.B4FDD49604871DA49F973E0208559AFA] - 31/01/2014 - 22:16:49 ---A- - C:\Windows\Prefetch\SRVLOAD.EXE-E0C8A024.pf
O45 - LFCP:[MD5.93EE66F9A4BDA0316CFF93D4E62F4BCD] - 31/01/2014 - 22:21:40 ---A- - C:\Windows\Prefetch\PAVJOBS.EXE-D52EB926.pf
O45 - LFCP:[MD5.44A2777F73B18BC8546A2E922B0321B6] - 31/01/2014 - 22:30:36 ---A- - C:\Windows\Prefetch\PLATASKS.EXE-63D546F4.pf
~ Prefetcher: 222 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8A64C45F467FB30C47A30AE2819DDD62] - 28/08/2013 - 09:06:04 ---A- . (.Pas de propriétaire - COMFiltr.) -- C:\Windows\System32\Drivers\COMFiltr.sys [15928]
O58 - SDL:[MD5.27069CFFF29B7F04F4B1BB10154BE52B] - 19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:[MD5.0BD906A79F9CE3013F7D9D0AC45F9F9D] - 19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:[MD5.3DBC10CBC436288801FAEE66DE91AE47] - 20/07/2012 - 08:15:00 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [65152]
O58 - SDL:[MD5.DE261095A2220D400D9603E1E42D4185] - 20/07/2012 - 08:15:00 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [88832]
O58 - SDL:[MD5.7940C1782C703D8305F81B0449072B7B] - 28/04/2011 - 18:23:36 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [70760]
O58 - SDL:[MD5.0C70C2127D01CAD333DDF5EFE4B308AB] - 20/06/2012 - 08:31:02 ---A- . (.ITE Tech. Inc. - ITECIR Filter Driver.) -- C:\Windows\System32\Drivers\ITECIRfilter.sys [18064]
O58 - SDL:[MD5.0E7689F3BFD1012B0280E077402365F2] - 16/04/2012 - 13:32:18 ---A- . (.Windows (R) Codename Longhorn DDK provider - NDIS User mode I/O Driver.) -- C:\Windows\System32\Drivers\RtkIOAC60.sys [38504]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files (User) (O61)
O61 - LFC: 28/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\accuse_reception_CME_Adhérents.pdf [26956]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\Coopérer coordonner - Nouveaux enjeux - Vie sociale - CEDIAS - Avant propos.pdf [357273]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\Coopérer coordonner - Nouveaux enjeux - Vie sociale - CEDIAS - Coopération dans le social - Hardy.pdf [212334]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\Coopérer coordonner - Nouveaux enjeux - Vie sociale - CEDIAS - Coord. gérontologique (1).pdf [308385]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\Coopérer coordonner - Nouveaux enjeux - Vie sociale - CEDIAS - Coord. gérontologique.pdf [308385]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\DC 3 - DEES - Coordination (1).docx [51144]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\DC 3 - DEES - Coordination.docx [51144]
O61 - LFC: 29/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\Downloads\adwcleaner (2).exe [1166132]
O61 - LFC: 30/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\ZHPFix[R1].txt [2194] =>.Nicolas Coolman
O61 - LFC: 30/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\ZHPFix[R2].txt [2326] =>.Nicolas Coolman
O61 - LFC: 30/01/2014 - 22:33:24 ---A- . (.vaude.) -- C:\Users\Jean Javques\Documents\Alexis.doc [28160]
O61 - LFC: 30/01/2014 - 22:33:24 ---A- . (.vaude.) -- C:\Users\Jean Javques\Documents\CURRICULUM VITAE.doc [28160]
O61 - LFC: 31/01/2014 - 22:33:23 ---A- . (...) -- C:\Users\Jean Javques\AppData\Local\Google\Chrome\User Data\Local State [58480]
O61 - LFC: 31/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\Log.txt [157831] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\TestsZHPDiag.txt [3007] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\ZHPDiag.txt [45943] =>.Nicolas Coolman
O61 - LFC: 31/01/2014 - 22:33:24 ---A- . (...) -- C:\Users\Jean Javques\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [2619] =>.Nicolas Coolman
~ 4 Temporary files
~ Files: 165 Legitimates Filtered in 00mn 01s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {AA9A4890-4262-4441-8977-E2FFCBFB706C} - (Yahoo!) - http://fr.yhs4.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.30580F7B1B30BBC94570D864ACCCA452] [SPRF][24/01/2014] (...) -- C:\Users\Jean Javques\AppData\LocalLow\lpm.dat [10498]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "{EB480BEE-E496-45B1-89EA-6392B03F8328}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS7F34\hppiw.exe (.not file.)
O87 - FAEL: "{145C0FF8-71CD-4640-89C3-43D706C2B64F}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS7F34\hppiw.exe (.not file.)
O87 - FAEL: "{3D5E7D71-E6B1-40DE-B323-E6CE5E29FDB1}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS0353\hppiw.exe (.not file.)
O87 - FAEL: "{7FA876C0-7E92-4D0F-82CC-9ECAB32D8F0C}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS0353\hppiw.exe (.not file.)
O87 - FAEL: "{F12223E7-0AFC-4D3E-AACC-0210420E0B1D}" |In - None - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O87 - FAEL: "{B5637B74-1A8B-4F43-8114-150D58FC9C87}" |In - None - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
~ Firewall: 253 Legitimates Filtered in 00mn 00s
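The six O87 rules above are all enabled inbound exceptions whose target executable ZHPDiag could no longer find ("(.not file.)"): four left behind by an installer that ran out of 7-Zip self-extractor directories under %Temp%, and two for iLivid, which the report tags Adware.Bandoo. The Python below is an added example, not code from the ZHPDiag report or from its author; it parses lines in this format and lists, per rule, why the rule should not survive cleanup. Its reading of the fields (direction - profile - IP protocol number - enabled flag), the Temp-directory heuristic, and the registry location returned by `registry_value()` are this example's assumptions rather than documented ZHPDiag semantics. The sample input copies the six lines above and adds one constructed benign rule as a control.

```python
"""Triage of ZHPDiag O87 (FAEL) firewall-exception lines.

Added example; not code from the ZHPDiag report or from its author. The field
layout (direction - profile - IP protocol number - enabled flag), the reading of
"(.not file.)" as "target executable no longer exists", the %Temp% heuristic and
the registry path in registry_value() are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the six O87 lines from the report above, plus one
# made-up benign rule (existing binary, publisher present) as a control, and the
# section's trailing summary line to show that non-FAEL lines are skipped.
SAMPLE_O87 = r'''
O87 - FAEL: "{EB480BEE-E496-45B1-89EA-6392B03F8328}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS7F34\hppiw.exe (.not file.)
O87 - FAEL: "{145C0FF8-71CD-4640-89C3-43D706C2B64F}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS7F34\hppiw.exe (.not file.)
O87 - FAEL: "{3D5E7D71-E6B1-40DE-B323-E6CE5E29FDB1}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS0353\hppiw.exe (.not file.)
O87 - FAEL: "{7FA876C0-7E92-4D0F-82CC-9ECAB32D8F0C}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\Temp\7zS0353\hppiw.exe (.not file.)
O87 - FAEL: "{F12223E7-0AFC-4D3E-AACC-0210420E0B1D}" |In - None - P6 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O87 - FAEL: "{B5637B74-1A8B-4F43-8114-150D58FC9C87}" |In - None - P17 - TRUE | .(...) -- C:\Users\Jean Javques\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O87 - FAEL: "{00000000-0000-0000-0000-000000000001}" |In - Public - P6 - TRUE | .(.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Firewall: 253 Legitimates Filtered in 00mn 00s
'''

# One O87 record: value name (GUID), direction, profile, protocol, enabled flag,
# publisher, target path, optional "(.not file.)" marker, optional detection tag.
O87_RE = re.compile(
    r'^O87 - FAEL: "(?P<guid>\{[0-9A-Fa-f-]+\})" '
    r'\|(?P<direction>In|Out) - (?P<profile>\w+) - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| '
    r'\.\((?P<publisher>.*?)\) -- (?P<path>.+?)'
    r'(?P<missing> \(\.not file\.\))?'
    r'(?: =>(?P<tag>\S+))?$'
)

# IANA IP protocol numbers (assumption: "P6"/"P17" in the report carry them).
PROTO_NAMES = {6: "TCP", 17: "UDP"}

# Per-user Temp: installers (7-Zip SFX archives use %Temp%\7zS<hex>) extract
# here and vanish, so a rule pointing into it has outlived its purpose.
TEMP_MARKER = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Assumption: the quoted GUID is the value name under this key.
FIREWALL_RULES_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                      r"\Parameters\FirewallPolicy\FirewallRules")


@dataclass
class FirewallRule:
    guid: str
    direction: str
    profile: str
    protocol: str
    enabled: bool
    publisher: str
    path: str
    target_missing: bool
    detection: Optional[str]


def parse_fael(line: str) -> Optional[FirewallRule]:
    """Parse one O87 line; return None for lines that are not FAEL records."""
    m = O87_RE.match(line.strip())
    if not m:
        return None
    proto = int(m["proto"])
    return FirewallRule(
        guid=m["guid"],
        direction=m["direction"],
        profile=m["profile"],
        protocol=PROTO_NAMES.get(proto, f"P{proto}"),
        enabled=m["enabled"] == "TRUE",
        publisher=m["publisher"].strip("."),   # "(...)" means no publisher
        path=m["path"],
        target_missing=m["missing"] is not None,
        detection=m["tag"],
    )


def reasons_to_remove(rule: FirewallRule) -> List[str]:
    """Why this exception should not survive cleanup; empty list means keep it."""
    reasons = []
    if rule.detection:
        reasons.append(f"target tagged {rule.detection}")
    if rule.target_missing:
        reasons.append("target executable no longer exists")
    if TEMP_MARKER.search(rule.path):
        reasons.append("target lives in a per-user Temp directory")
    if rule.enabled and rule.direction == "In" and not rule.publisher:
        reasons.append("enabled inbound rule for a binary with no publisher")
    return reasons


def triage(report_text: str) -> Dict[str, List[str]]:
    """Map each rule GUID that should go to its reasons; kept rules are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in report_text.splitlines():
        rule = parse_fael(line)
        if rule is None:
            continue
        reasons = reasons_to_remove(rule)
        if reasons:
            findings[rule.guid] = reasons
    return findings


def registry_value(guid: str) -> str:
    """Registry value holding the rule (see the assumption on FIREWALL_RULES_KEY)."""
    return FIREWALL_RULES_KEY + "\\" + guid


if __name__ == "__main__":
    for guid, why in triage(SAMPLE_O87).items():
        print(registry_value(guid))
        print("   ", "; ".join(why))
```

Only the two iLivid rules carry a detection tag; the four hppiw.exe rules are flagged purely on the missing target and the Temp location, which is the kind of leftover a signature-based summary does not mention but a cleanup should still remove.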



---\\ Enumeration of software product codes (PUC) (O90)
O90 - PUC: "12A6852980E355044B31A8CCAA5BA024" . (.PointGrab Hand Gesture Control Tutorial.) -- C:\windows\Installer\{92586A21-3E08-4055-B413-8ACCAAB50A42}\ARPPRODUCTICON.exe
O90 - PUC: "381541B4689E5854DAFDC037BD751521" . (.PointGrab Hand Gesture Control.) -- C:\Windows\Installer\{4B145183-E986-4585-ADDF-0C73DB575112}\ARPPRODUCTICON.exe
O90 - PUC: "D2A425F473650034677A7A857BC0A000" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 71 Legitimates Filtered in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.A18901901EDE918C422E3FF6E4C0D458] [WIS][11/01/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\10eb1790.msi [463872] =>Toolbar.Ask
[MD5.A77AFBB8B88E4FCD542670CF41095A57] [WIS][02/04/2013] (.PointGrab - PointGrab Hand Gesture Control Tutorial.) -- C:\Windows\Installer\3c399.msi [197375488]
[MD5.C133F19570415BEC44B8403A15BD4E9A] [WIS][29/04/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\4792d3.msi [523776]
[MD5.E5291134C278BE005F45418A26FB71FB] [WIS][31/05/2013] (.PointGrab - Hand Gesture Control.) -- C:\Windows\Installer\6a7e2.msi [43737600]
~ WIS: 71 Legitimates Filtered in 00mn 04s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 26/09/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 28/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/04/2013 310400 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 29/06/2013 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe
SR - | Demand 18/01/2013 660040 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | Demand 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 20/09/2012 29696 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 17/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/11/2012 177440 | (Panda Software Controller) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PsCtrls.exe
SR - | Auto 21/09/2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PavFnSvr.exe
SR - | Auto 04/02/2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
SR - | Auto 13/04/2011 313664 | (PAVSRV) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\pavsrvx86.exe
SR - | Auto 28/01/2013 54064 | (PGService) . (.PointGrab LTD.) - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
SR - | Auto 28/01/2013 170816 | (PG_Service_Launcher) . (.PointGrab LTD.) - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PG_Service_Launcher.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/11/2009 226560 | (PSHost) . (.Panda Security International.) - c:\program files (x86)\panda security\panda global protection 2013\firewall\PSHOST.exe
SR - | Auto 19/06/2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PsImSvc.exe
SR - | Auto 16/08/2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\PskSvc.exe
SR - | Auto 16/11/2012 173344 | (TPSrv) . (.Panda Security, S.L..) - C:\Program Files (x86)\Panda Security\Panda Global Protection 2013\TPSrvWow.exe
SR - | Auto 17/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 04s



---\\ Search for Master Boot Record infection (MBR)(O80)
Run by Jean Javques at 31/01/2014 22:33:44
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search for Master Boot Record infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Jean Javques at 31/01/2014 22:33:46

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13030 - (25/01/2014)
Keys found : 3
Values found : 3
Folders found : 1
Files found : 1

[HKLM\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob] =>PUP.MoviesToolbar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0A00}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_35_is1] =>PUA.FSTfr9^
C:\Users\Jean Javques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob =>PUP.MoviesToolbar^
C:\Windows\Installer\10eb1790.msi =>Toolbar.Ask^
~ Additional Scan: 211800 Items scanned in 00mn 11s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29895028-pup-videoperformer =>PUP.VideoPerformer
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 8 link(s) detected in 00mn 11s



~ 1368 Legitimates filtered by white list
End of the scan (569 lines in 00mn 52s)(0)
