cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Bernard (02/01/2014 20:49:36)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16750
MFIE: Mozilla Firefox 26.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : G6JXV
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7924 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 137 GB (65%) free of 209 GB

---\\ Mode de connexion au système
~ Computer Name: DELL
~ User Name: Bernard
~ All Users Names: UpdatusUser, HomeGroupUser$, Bernard, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Bernard\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Bernard\AppData\Roaming\
~ %Desktop% : C:\Users\Bernard\Desktop\
~ %Favorites% : C:\Users\Bernard\Favorites\
~ %LocalAppData% : C:\Users\Bernard\AppData\Local\
~ %StartMenu% : C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 137 Go of 209 Go)
D: Hard drive, Flash drive, Thumb drive (Free 141 Go of 233 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/367
~ Mes musiques (My Musics) : 4/15
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/872
~ Mes Documents (My Documents) : 2/181
~ Mon Bureau (My Desktop) : 4/25
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.555FC83CB7A62BFA94D6C1B44A7E121A] - (.Pas de propriétaire - Stage Remote Service.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe [475200] [PID.3456]
[MD5.1926FB0A6DCD57A4806445EB5A914E28] - (.Pas de propriétaire - Stage Remote Player.) -- C:\Program Files (x86)\Dell\Stage Remote\DMR.exe [891456] [PID.2180]
[MD5.FB7680DC6B75024E74DC4876A184638C] - (.Pas de propriétaire - HP SimpleSave Backup.) -- C:\Users\Bernard\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [477080] [PID.4676]
[MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [PID.3128]
[MD5.00D1FB0073B4A8BD2989EA8FF4CC792B] - (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064] [PID.4240]
[MD5.309BF2F494E57B4C2BFDFA94F8C6A238] - (.Logitech, Inc. - LockStatusTray Application.) -- C:\Windows\LockStatusTray.exe [192512] [PID.4524]
[MD5.9D51EA92A612B37E76E5E4621650C50A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.1200]
[MD5.E8985DE49E6BCBDBDE908D3D165046BE] - (.Pas de propriétaire - PrestigoSync detector/launcher module.) -- C:\Program Files (x86)\Philips\PrestigoSync\1.0.18.0\PSDetectorLauncher.exe [455544] [PID.1744]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5652]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770608] [PID.3556]
[MD5.0E3F332A0092E14401D1117126DDACA2] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [13543264] [PID.4940]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8321024] [PID.3960]
[MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.848]
[MD5.28D79AAA4E1C15577A86F930E8DA5E50] - (.Absolute Software - AbsoluteNotifierService.) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920] [PID.1764]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1800]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1820]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1856]
[MD5.68B86DD9D455A6A8DE6D13C84FB5CE31] - (.ArcSoft, Inc. - UACTokenSvc.) -- C:\Users\Bernard\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512] [PID.1884]
[MD5.4CB575D97653FA91FFB02DA3105EB084] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752] [PID.1948]
[MD5.E5E6A7D13BBC0F80B866D021F306BF6C] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Servey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [107912] [PID.2000]
[MD5.2664F84DBB5904FEF141B8D914A17C39] - (.Pas de propriétaire - NvtlServer Application.) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456] [PID.2092]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] - (.pdfforge GmbH - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496] [PID.2136]
[MD5.DA4ECE4EC909E1791339F3FFAF36418A] - (.QUALCOMM, Inc. - QDLService2k.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [330488] [PID.2220]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2240]
[MD5.6970BF76E88C68D40C0FDC73F0145602] - (...) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [453120] [PID.2308]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.3136]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2460]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.2576]
[MD5.D630B6F2E8379B6F10DC16E82A426552] - (.SupportSoft, Inc. - SupportSoft Agent Service.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064] [PID.4580]
[MD5.CBDEE152D73200EE49031A26310B9D3E] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.2616]
[MD5.B90A279073A815A4AA2C45A09EE004FA] - (.pdfforge GmbH - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280] [PID.5064]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.2288]
[MD5.428360DE895B0D80BE90A088C3E10E14] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe [199520] [PID.5292]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.5440]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\gau92qxy.default\prefs.js
M0 - MFSP: prefs.js [Bernard - gau92qxy.default] http://www.mozilla.com
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Intel(R) Wireless Display.lnk . (.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Bernard]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Bernard]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Bernard]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Bernard]: Usenet.nl.lnk . (...) -- C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe
O4 - GS\Program [Bernard]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Bernard]: Documents.lnk . (...) -- C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
~ Global Startup: 56 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Digital Line Detect.lnk . (.Avanquest Software - Digital Line Detection.) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - GS\Startup [Public]: PHOTOfunSTUDIO 5.0.lnk . (.Panasonic Corporation - AutoStartService.) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O4 - GS\Startup [Bernard]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Bernard\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Bernard]: HP SimpleSave Monitor.lnk . (...) -- C:\Users\Bernard\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Stage Remote] . (.Pas de propriétaire - Stage Remote Manager.) -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [MobileDocuments] . (.Apple Inc. - ubd.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKLM\..\Wow6432Node\Run: [Absolute Notifier] . (.Absolute Software - Absolute Notifier.) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [CanalPlayerHelper] C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayerHelper.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Dell DataSafe Online] . (.Dell, Inc. - Dell DataSafe Online Service.) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
O4 - HKLM\..\Wow6432Node\Run: [dellsupportcenter] . (.SupportSoft, Inc. - Dell Support Center Updates.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe =>.Roxio
O4 - HKLM\..\Wow6432Node\Run: [LockStatusTray] . (.Logitech, Inc. - LockStatusTray Application.) -- C:\Windows\LockStatusTray.exe
O4 - HKLM\..\Wow6432Node\Run: [NeroLauncher] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [PrestigoSync] . (.Pas de propriétaire - PrestigoSync detector/launcher module.) -- C:\Program Files (x86)\Philips\PrestigoSync\1.0.18.0\PSDetectorLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe =>.Sonic Solutions
O4 - HKLM\..\Wow6432Node\Run: [Samsung PanelMgr] . (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-529212220-699487193-201672674-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-529212220-699487193-201672674-1001\..\Run: [MobileDocuments] . (.Apple Inc. - ubd.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-21-529212220-699487193-201672674-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-529212220-699487193-201672674-1001\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-529212220-699487193-201672674-1001\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKCU\...\Domains] *.canalplusactive.com
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} ((no name)) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{54CF48F5-DAC1-4DC6-96E6-09B054CCF07C}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D20BD567-9ADE-47DE-8F6D-2C5E563B703E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{54CF48F5-DAC1-4DC6-96E6-09B054CCF07C}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{D20BD567-9ADE-47DE-8F6D-2C5E563B703E}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Mobile Broadband Service (WMCoreService) . (...) - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
~ Services: 26 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4883] (...) -- C:\Users\Bernard\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0E39FC21-CD7D-4C9C-8C5D-A3ECC2147140}] (...) -- H:\HP SimpleSave Application\BackupServiceInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{19213C94-D598-4204-AD2D-2D9B37E3C454}] (...) -- E:\autoRcd.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BB91E9B-8FFD-4AB3-8D33-33E3B4F0C3CB}] (...) -- C:\Users\Bernard\Desktop\sp57364.3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5126115F-013D-4A94-AD70-1438C942F76F}] (...) -- C:\Users\Bernard\Desktop\R277344.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9B122DFC-B945-46EF-8276-B9855BB6DB93}] (...) -- C:\Users\Bernard\AppData\Local\Temp\wza998\DriverSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF3A65A8-BB93-4EE3-A3DE-01BD839B2D58}] (...) -- C:\Users\Bernard\Desktop\sp56922.2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CB1D085E-1139-4863-B8E8-49D286B72FBF}] (...) -- F:\R277344.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CC96F9D0-DA6F-4504-B9A1-29B5A78CC6CB}] (...) -- C:\Users\Bernard\AppData\Local\Temp\Temp1_Vista_Win7_R256.zip\Vista_Win7_R256\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E95FB067-9BC8-4375-9E58-98BF42121805}] (...) -- E:\setup.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: ThermaData Logger - (.Electronic Temperature Instruments Ltd.) [HKLM][64Bits] -- {C3E63F02-D0B3-4017-AB9B-F46FE8C6DFE0}
O42 - Logiciel: ThermaData Logger Cradle (Driver Removal) - (...) [HKLM][64Bits] -- TDLCRADL&10C4&8213
O42 - Logiciel: ThermaData Logger USB Lead (Driver Removal) - (...) [HKLM][64Bits] -- SLABCOMM&10C4&EA60
O42 - Logiciel: ThermaData Studio - (.ETI Ltd.) [HKLM][64Bits] -- {5C780CC5-6C48-49D7-8915-35BF49483CCC}
~ Logic: 35 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Apricorn]
[HKCU\Software\IncrediMail]
[HKCU\Software\ƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 447 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/08/2011 - 19:05:05 - [0] --H-D C:\ProgramData\Rpcnet
O43 - CFD: 11/11/2011 - 23:38:40 - [5,914] --H-D C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
O43 - CFD: 09/12/2011 - 18:12:58 - [0,004] ----D C:\Users\Bernard\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
O43 - CFD: 31/12/2013 - 19:09:58 - [1,228] ----D C:\Users\Bernard\AppData\Roaming\newnext.me
O43 - CFD: 01/04/2011 - 20:26:37 - [0,375] ----D C:\Users\Bernard\AppData\Local\autorun
O43 - CFD: 28/02/2011 - 20:36:36 - [0,036] ----D C:\Users\Bernard\AppData\Local\E.T.I_Ltd
O43 - CFD: 22/12/2013 - 12:18:28 - [1,224] ----D C:\Users\Bernard\AppData\Local\genienext
~ 177 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 495 Legitimates Filtered in 00mn 08s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.206E696DEA0D9D3DFC66D131DFD05D60] - 02/01/2014 - 18:51:56 ---A- . (...) -- C:\Windows\ODBC.INI [489]
O44 - LFC:[MD5.2F24FAF2B2A54BC16FED405FE7E6FF72] - 22/12/2013 - 12:18:02 ---A- . (.SocialHelper.org - SocialHelper Extension.) -- C:\Windows\System32\SocialHelper.dll [31232] =>Adware.CouponBar
O44 - LFC:[MD5.976CB5BD1411997909F98BB4AD6DFADE] - 22/12/2013 - 12:48:51 ---A- . (...) -- C:\Windows\IE11_main.log [2744]
O44 - LFC:[MD5.646D70D058047454C52A0DB79F866A60] - 27/12/2013 - 22:32:49 ---A- . (...) -- C:\Windows\win.ini [565]
O44 - LFC:[MD5.34E341E36E8D3D0B8188320F465F9152] - 31/12/2013 - 19:17:24 ---A- . (...) -- C:\Windows\DPINST.LOG [1171334]
~ Files: 33 Legitimates Filtered in 00mn 09s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5b913983-5485-11e3-beab-f04da26bfd6c}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{5b913a7f-5485-11e3-beab-f04da26bfd6c}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{7825f140-3ce6-11e0-8861-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.7A505465BBB1EB8B5AD4D76E8749383B] - 20/08/2010 - 11:05:18 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Accelern.sys [27760]
O58 - SDL:[MD5.0928BD20273625622722FE1DE5BBDE57] - 12/07/2010 - 11:38:06 ---A- . (.Quanta Computer - Win7 QicFilterDriver-64Bits.) -- C:\Windows\System32\Drivers\qicflt.sys [29288]
O58 - SDL:[MD5.92E7F6666633D2DD91D527503DAA7BE0] - 20/08/2010 - 11:05:12 ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys [21616]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.825E7A1F48FB8BCFBA27C178AAB4E275] - 02/11/2009 - 12:48:02 ---A- . (...) -- C:\Windows\System32\Drivers\TurboB.sys [13784]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe http://aartemis.com =>PUP.AArtemis
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {28B57708-A54D-4D76-B500-119BBA515B9F} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {AE0D770A-15D6-4BE0-B20A-6105B7D39C40} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {FC11D0A5-C79E-4DC1-8CDC-4FD6C196DEEA} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.A7DEB4D003DAE979FC13BA32EC10124F] [SPRF][02/01/2014] (...) -- C:\Users\Bernard\AppData\Local\Temp\ExchangePerflog_8484fa31cbd3d13fcfcccd43.dat [8874]
[MD5.BCB0728F4B117855765CE8FE883B5E9B] [SPRF][16/02/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\NOSEventMessages.dll [1536]
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.4DA57E612033ACE195B21F97DEE211E8] [SPRF][25/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Bernard\AppData\Local\Temp\uninst1.exe [394832] =>PUP.Babylon
[MD5.45ADCA3838FAE1DFCC8A650754911370] [SPRF][22/12/2013] (.Skytech Co., Ltd. - Skytech.) -- C:\Users\Bernard\AppData\Local\Temp\vit_aartemis_20131111182538.exe [564376] =>PUP.AArtemis
[MD5.E563A65BAEA25CEF8F49FB0228CB8555] [SPRF][17/02/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\vlc-2.0.5-win32.exe [22916830]
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][20/10/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
[MD5.7E89844169E755775F09AA4724680281] [SPRF][24/11/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\vlc-2.1.1-win32.exe [24489269]
[MD5.B91FE1536AB4D680DDD77469EA3FD4BF] [SPRF][10/12/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\vlc-2.1.2-win32.exe [24097311]
[MD5.F86A72F8DA73A0901300B6727E8C0B07] [SPRF][27/12/2013] (...) -- C:\Users\Bernard\AppData\Local\Temp\w64.exe [111104]
[MD5.AF5C84446657B48C9B9B870C46438261] [SPRF][01/01/2014] (...) -- C:\Users\Bernard\Desktop\adwcleaner.exe [1233962]
~ Files: 21 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{051E85E0-32C5-4F1F-B564-50D0468D462B}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{7592E2B2-2549-486E-92F5-7977B6A26E74}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{531B0728-5D63-4E42-9A0B-A8ADB8323F5F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe (.not file.)
O87 - FAEL: "{86BC035B-5E6A-4484-855E-40A6CBC5B3FE}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe (.not file.)
O87 - FAEL: "{41BE3705-AE0A-472E-8E69-43ABE4FA81BF}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe (.not file.)
O87 - FAEL: "{02161721-EB3F-4521-A031-8E9B0085A326}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>Adware.Bandoo
O87 - FAEL: "{7DC4216C-153D-4B91-8254-5D61F85DF2D3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>Adware.Bandoo
~ Firewall: 323 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "20F36E3C3B0D7104BAB94FF68E6CFD0E" . (.ThermaData Logger.) -- C:\Windows\Installer\{C3E63F02-D0B3-4017-AB9B-F46FE8C6DFE0}\_112D608FD02CD87FDC7735.exe
O90 - PUC: "4E11D749BCA5F944ABE033BAFCF5DA9D" . (.PrestigoSync.) -- C:\Windows\Installer\{947D11E4-5ACB-449F-BA0E-33ABCF5FADD9}\ARPPRODUCTICON.exe
O90 - PUC: "5CC087C584C67D94985153FB9484C3CC" . (.ThermaData Studio.) -- C:\Windows\Installer\{5C780CC5-6C48-49D7-8915-35BF49483CCC}\_853F67D554F05449430E7E.exe
O90 - PUC: "DE939EBE2164DF543AE977CA91C92437" . (.Absolute Notifier.) -- C:\Windows\Installer\{EBE939ED-4612-45FD-A39E-77AC199C4273}\ARPPRODUCTICON.exe
~ Update Products: 163 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0415C05879F88E81AAF2D817A48F6454] [WIS][21/10/2010] (.ETI Ltd - ThermaData Logger.) -- C:\Windows\Installer\13b365d.msi [30518784]
[MD5.EF36AA3BEE19F87E9BD84559DCCCEDE5] [WIS][21/10/2010] (.ETI Ltd - ThermaData Studio.) -- C:\Windows\Installer\13b3661.msi [14752768]
[MD5.BE3009EAB6824C75188D3688E542A373] [WIS][08/11/2012] (.Novate Wireless - Microsoft Windows VC8.0 Support Files.) -- C:\Windows\Installer\151f66.msi [3093504]
[MD5.596B845F89210C769928F3C899A520F7] [WIS][08/11/2012] (.Novatel Wireless Inc. - DMBU.) -- C:\Windows\Installer\151f6a.msi [34177536]
[MD5.75D85870A4671CD092E5D8DA4A8B93BC] [WIS][02/11/2012] (.SweetIM Technologies Ltd. - SweetPacks bundle uninstaller.) -- C:\Windows\Installer\1b0a60.msi [2579456] =>PUP.SweetIM
~ WIS: 169 Legitimates Filtered in 00mn 16s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 14/11/2013 1914656 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 04/09/2010 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 04/09/2010 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SS - | Demand 09/08/2010 166704 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\Windows\System32\SUPDSvc.exe
SS - | Demand 06/04/2012 158208 | (Samsung UPD Service2) . (.Samsung Electronics.) - C:\WINDOWS\System32\SUPDSvc2.exe
SS - | Demand 28/09/2010 450560 | (Service CANALPLAY) . (.Canal+ Distribution.) - C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayService.exe
SS - | Demand 22/04/2012 720936 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 26/08/2010 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
SS - | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 10/05/2011 10920 | (AbsoluteNotifier) . (.Absolute Software.) - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 20/06/2011 83512 | (BackupService) . (.ArcSoft, Inc..) - C:\Users\Bernard\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 12/09/2013 1337752 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
SR - | Auto 09/10/2008 107912 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 26/08/2010 2823000 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 14/11/2013 15125280 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 29/12/2009 83456 | (NvtlService) . (...) - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe
SR - | Auto 14/01/2010 330488 | (QDLService2kDell) . (.QUALCOMM, Inc..) - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 21/05/2009 206064 | (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 28/01/2010 453120 | (WMCoreService) . (...) - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe

~ Services: Scanned in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 21
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Classes\Installer\Features\43688B8A09F7F2046BA6682479556F5A] =>Toolbar.eBay
[HKLM\Software\Classes\Installer\Products\43688B8A09F7F2046BA6682479556F5A] =>Toolbar.eBay
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\43688B8A09F7F2046BA6682479556F5A] =>Toolbar.eBay
[HKLM\Software\Wow6432Node\Classes\Installer\Features\43688B8A09F7F2046BA6682479556F5A] =>Toolbar.eBay
[HKLM\Software\Wow6432Node\Classes\Installer\Products\43688B8A09F7F2046BA6682479556F5A] =>Toolbar.eBay
[HKLM\Software\Classes\Installer\Features\7A931B0A5D8E8E947AFB2124E1562280] =>PUP.Dealio
[HKLM\Software\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A931B0A5D8E8E947AFB2124E1562280] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Classes\Installer\Features\7A931B0A5D8E8E947AFB2124E1562280] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280] =>PUP.Dealio
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A8B88634-7F90-402F-B66A-86429755F6A5}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
C:\Users\Bernard\AppData\Local\Temp\uninst1.exe =>PUP.Babylon^
C:\Users\Bernard\AppData\Local\Temp\vit_aartemis_20131111182538.exe =>PUP.AArtemis^
C:\Windows\Installer\1b0a60.msi =>PUP.SweetIM^
C:\Users\Bernard\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Bernard\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 434890 Items scanned in 00mn 19s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/30634288-adware-couponbar =>Adware.CouponBar
~ http://nicolascoolman.webs.com/apps/blog/show/35393224-pup-aartemis =>PUP.AArtemis
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ MSI: 7 link(s) detected in 00mn 19s



~ 1584 Legitimates filtered by white list
End of the scan (581 lines in 01mn 10s)(0)
