~ Rapport de ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Lancé par jac (22/01/2014 07:22:53)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 973HT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.09 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6098 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 72 GB (48%) free of 150 GB

---\\ Mode de connexion au système
~ Computer Name: JACGEO
~ User Name: jac
~ All Users Names: jac, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\jac\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jac\AppData\Roaming\
~ %Desktop% : C:\Users\jac\Desktop\
~ %Favorites% : C:\Users\jac\Favorites\
~ %LocalAppData% : C:\Users\jac\AppData\Local\
~ %StartMenu% : C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 72 Go of 150 Go)
D: Hard drive, Flash drive, Thumb drive (Free 654 Go of 766 Go)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/12/2013 - 09:37:26.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Bibliothèque de licences.) (.22/08/2013 - 11:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.14/11/2013 - 08:31:09.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.14/11/2013 - 08:31:06.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/08/2013 - 13:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/10550
~ Mes musiques (My Musics) : 4/43
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/179
~ Mon Bureau (My Desktop) : 2/44
~ Menu demarrer (Programs) : 1/57
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.CAA0C16ADCCE6142A43AD83BFA20B38B] - (.Motorola Mobility LLC - MotoHelperAgent.) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [698680] [PID.2216]
[MD5.8C9231025FAF86B78906B6C847531FFB] - (.ASUSTeK Computer Inc. - ASUS Routine Controller.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424] [PID.2248]
[MD5.4D44112928BA1B3F7D5F7C3BF871FCAF] - (.Sonix - CameraMonitor Application.) -- C:\Windows\vsnp2uvc.exe [675840] [PID.2908]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.2636]
[MD5.A45938C3B43F32ADE0D803B076AF1B2D] - (...) -- C:\Program Files (x86)\IRIScan Mouse\Scanner Mouse.exe [37777000] [PID.3440]
[MD5.2C728F827E738B7A2932C66DF94CF89C] - (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.exe [3177472] [PID.3520] =>Adware.Lollipop
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3768]
[MD5.2D75851551D18878FADC21E166DEA3FA] - (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984] [PID.3816]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.2660]
[MD5.46D3D19A4745B67DCA6692AFAB0E136D] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912] [PID.4156]
[MD5.007927703B40F096CEC2D6AFB8EEBD17] - (...) -- C:\Program Files (x86)\IRIScan Mouse\Scanner Mouse Monitoring.exe [2436096] [PID.4432]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.4456]
[MD5.33BE35574E1081A91EACD2B98E0A472A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640] [PID.4664] =>Toolbar.Ask
[MD5.771A5E7CF4C19F3DE5D36B19284F1FC6] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [367168] [PID.5016]
[MD5.5C543230B376A57A8690C7119423F146] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264768] [PID.892]
[MD5.849D66021A0EF43A20137BA9D85ECADF] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.5012]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336896] [PID.3184]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaacalgebmfelllfiaoknifldpngjh] Avira SearchFree Toolbar plus Web Protection v.30.1, (Désactivé) =>Toolbar.Avira
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15476



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: More Great Games.lnk - Clé orpheline
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Encore plus de jeux.lnk - Clé orpheline
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [jac]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [jac]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [jac]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [jac]: Bureau.lnk . (...) -- C:\Users\jac\Desktop
O4 - GS\Program [jac]: Cards2.lnk . (...) -- D:\a-games\Best of Card Games\Cards2.exe
O4 - GS\Program [jac]: Corbeille.lnk - Clé orpheline
O4 - GS\Program [jac]: Data (D).lnk . (...) -- D:\
O4 - GS\Program [jac]: Demon Hunter Chronicles from Beyond - The Untold Story.lnk . (...) -- C:\Users\jac\Downloads\Demon Hunter Chronicles from Beyond - The Untold Story
O4 - GS\Program [jac]: Dream Hills Captured Magic.lnk . (...) -- C:\Users\jac\Desktop\JEUX EN COURS\Dream Hills Captured Magic\dream_hills.exe
O4 - GS\Program [jac]: Eteindre.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe
O4 - GS\Program [jac]: Haunted House Mysteries.lnk . (...) -- C:\Program Files (x86)\Games\Haunted House Mysteries\TheHauntedHouse.exe (.not file.)
O4 - GS\Program [jac]: Hidden Expedition Smithsonian Hope Diamond Collectors.lnk . (...) -- C:\Users\jac\Desktop\JEUX EN COURS\Hidden Expedition Smithsonian Hope Diamond Collectors\HiddenExpedition_SmithsonianHopeDiamond_CE.exe (.not file.)
O4 - GS\Program [jac]: Images.lnk . (...) -- C:\Users\jac\Pictures
O4 - GS\Program [jac]: IncrediMail Application.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [jac]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [jac]: IRIScan Mouse.lnk . (...) -- C:\Program Files (x86)\IRIScan Mouse\Scanner Mouse.exe
O4 - GS\Program [jac]: JEUX EN COURS.lnk . (...) -- C:\Users\jac\Desktop\JEUX EN COURS
O4 - GS\Program [jac]: Jeux telecharges.lnk . (...) -- D:\a-Téléchargements
O4 - GS\Program [jac]: Mexicana Deadly Holiday.lnk . (...) -- C:\Program Files (x86)\Games\Mexicana Deadly Holiday\MexicanaDeadlyHoliday.exe
O4 - GS\Program [jac]: Mystery of Sargasso Sea.lnk . (...) -- C:\Users\jac\Desktop\JEUX EN COURS\Mystery of Sargasso Sea\MSS.exe (.not file.)
O4 - GS\Program [jac]: Ordinateur.lnk - Clé orpheline
O4 - GS\Program [jac]: The Agency of Anomalies Mind Invasion Collectors .lnk . (.VELOCITY+RAZZ - HTTP://RAZZ.OWNS.IT.) -- C:\Program Files (x86)\Games\The Agency of Anomalies Mind Invasion Collectors\AgencyofAnomalies4_MindInvasion_CE.exe
O4 - GS\Program [jac]: The Great Gatsby Secret Treasure.lnk . (...) -- C:\Program Files (x86)\Games\The Great Gatsby Secret Treasure\GatsbyWin32.exe
O4 - GS\Program [jac]: Téléchargements.lnk . (...) -- C:\Users\jac\Downloads
O4 - GS\Program [jac]: Windows (C).lnk . (...) -- C:\
O4 - GS\Desktop [jac]: Shtriga Summer Camp.lnk . (...) -- C:\Program Files (x86)\Games\Shtriga Summer Camp\ShtrigaSummerCamp.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [jac]: IRIScan Mouse.lnk . (...) -- C:\Program Files (x86)\IRIScan Mouse\Scanner Mouse.exe
O4 - GS\Startup [jac]: OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [snp2uvc] . (.Sonix - CameraMonitor Application.) -- C:\WINDOWS\vsnp2uvc.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [lollipop_01220616] . (...) -- c:\users\jac\appdata\local\lollipop\lollipop_01220616.exe =>Adware.Lollipop
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS Ai Charger] . (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS Easy Update] . (.ASUSTeK Computer Inc. - ALU MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
O4 - HKLM\..\Wow6432Node\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [snp2uvc] . (.Sonix - CameraMonitor Application.) -- C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Wow6432Node\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKUS\S-1-5-21-2587761482-4189958653-10404214-1001\..\Run: [EPLTarget\P0000000000000001] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-2587761482-4189958653-10404214-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-2587761482-4189958653-10404214-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2587761482-4189958653-10404214-1001\..\Run: [lollipop_01220616] . (...) -- c:\users\jac\appdata\local\lollipop\lollipop_01220616.exe =>Adware.Lollipop
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D7BE13-3B77-42FB-ADC0-BB6C478248F2}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B8D7BE13-3B77-42FB-ADC0-BB6C478248F2}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Stereo Initialization dll, Version 3.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: oem14.inf (VIAKaraokeService) . (.VIA Technologies, Inc. - Service binary.) - C:\Windows\System32\viakaraokesrv.exe
~ Services: 18 Legitimates Filtered in 00mn 02s



---\\ Tâches planifiées en automatique (O39)
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Engine] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Initial Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.00000000000000000000000000000000] [APT] [{11A3CED8-905D-4840-A948-4F9FF526C355}] (...) -- D:\a-games\Lost Tales Forgotten Souls\Uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{957B416E-3B6B-420B-8725-B63F99EB085D}] (...) -- F:\Setup.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: 7ZIP Packages - (...) [HKCU][64Bits] -- 7ZIP Packages
O42 - Logiciel: Alex Hunter Lord of the Mind Platinum 1.00 - (.Games.) [HKLM][64Bits] -- Alex Hunter Lord of the Mind Platinum 1.00
O42 - Logiciel: Dream Hills Captured Magic 1.00 - (.Games.) [HKLM][64Bits] -- Dream Hills Captured Magic 1.00
O42 - Logiciel: Fall of the New Age CE 1.00 - (.Games.) [HKLM][64Bits] -- Fall of the New Age CE 1.00
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU][64Bits] -- lollipop_01220616 =>Adware.Lollipop
O42 - Logiciel: MOZART version 1.0 - (...) [HKLM][64Bits] -- Mozart, Le Dernier Secret_is1
O42 - Logiciel: Mexicana Deadly Holiday 1.00 - (.Games.) [HKLM][64Bits] -- Mexicana Deadly Holiday 1.00
O42 - Logiciel: Midnight Macabre Mystery of the Elephant 1.00 - (.Games.) [HKLM][64Bits] -- Midnight Macabre Mystery of the Elephant 1.00
O42 - Logiciel: Scanner Mouse - (.Dacuda.) [HKLM][64Bits] -- {034B2BAC-C151-41E1-A7E8-7A02C77A2457}
O42 - Logiciel: Shtriga Summer Camp 1.00 - (.Games.) [HKLM][64Bits] -- Shtriga Summer Camp 1.00
O42 - Logiciel: The Far Kingdoms 1.00 - (.Games.) [HKLM][64Bits] -- The Far Kingdoms 1.00
O42 - Logiciel: The Great Gatsby Secret Treasure 1.00 - (.Games.) [HKLM][64Bits] -- The Great Gatsby Secret Treasure 1.00
~ Logic: 37 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Dango]
[HKCU\Software\Dream Hills]
[HKCU\Software\Forever Entertainment]
[HKCU\Software\HogGame]
[HKCU\Software\IEAdsBlocker] =>PUP.YrJieGames
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\JetFunDo]
[HKCU\Software\QuanticLab]
[HKCU\Software\Scanner Mouse]
[HKCU\Software\TIconBlu]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\thief]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\Scanner Mouse]
~ Key Software: 351 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/11/2013 - 08:57:00 - [13,032] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 16/01/2014 - 10:02:06 - [7,465] ----D C:\Program Files (x86)\Gigaset QuickSync
O43 - CFD: 22/11/2012 - 09:50:08 - [26,483] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 22/11/2013 - 08:56:51 - [0] ----D C:\ProgramData\APN
O43 - CFD: 22/11/2013 - 08:57:00 - [7,209] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 16/01/2014 - 16:48:21 - [11,527] ----D C:\ProgramData\Gigaset QuickSync
O43 - CFD: 22/11/2012 - 09:50:29 - [0] ----D C:\ProgramData\IM
O43 - CFD: 22/11/2012 - 09:50:08 - [6,696] ----D C:\ProgramData\IncrediMail
O43 - CFD: 13/11/2013 - 15:21:18 - [0] ----D C:\ProgramData\Moncarwit
O43 - CFD: 18/01/2014 - 11:23:16 - [0] ----D C:\ProgramData\T1 Games
O43 - CFD: 25/11/2013 - 13:22:35 - [0,001] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 12/12/2012 - 17:03:28 - [0,540] ----D C:\Users\jac\AppData\Roaming\7ZIPPackages
O43 - CFD: 20/01/2014 - 19:28:58 - [4,481] ----D C:\Users\jac\AppData\Roaming\Brave Giant
O43 - CFD: 23/11/2013 - 08:27:49 - [1,195] ----D C:\Users\jac\AppData\Roaming\FGS
O43 - CFD: 18/12/2013 - 18:39:48 - [0,179] ----D C:\Users\jac\AppData\Roaming\Germanicus Head Games
O43 - CFD: 08/01/2014 - 11:38:56 - [0,575] ----D C:\Users\jac\AppData\Roaming\JetFun
O43 - CFD: 20/12/2013 - 16:12:44 - [110,068] ----D C:\Users\jac\AppData\Roaming\MysteryTag
O43 - CFD: 30/12/2013 - 19:28:08 - [0,038] ----D C:\Users\jac\AppData\Roaming\The Great Gatsby
O43 - CFD: 12/03/2013 - 08:49:02 - [1,001] ----D C:\Users\jac\AppData\Local\amulet
O43 - CFD: 21/01/2014 - 16:45:42 - [0,354] ----D C:\Users\jac\AppData\Local\AskPartnerNetwork
O43 - CFD: 22/11/2012 - 10:50:48 - [241,885] ----D C:\Users\jac\AppData\Local\IM
O43 - CFD: 22/01/2014 - 07:16:30 - [3,380] ----D C:\Users\jac\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 28/11/2013 - 14:52:36 - [8,821] ----D C:\Users\jac\AppData\Local\Scanner Mouse
O43 - CFD: 03/04/2013 - 10:55:13 - [0,201] ----D C:\Users\jac\AppData\Local\Updater19962 =>PUP.CrossRider
O43 - CFD: 16/07/2013 - 09:13:55 - [0] ----D C:\Users\jac\AppData\Local\Updater27096 =>PUP.CrossRider
O43 - CFD: 29/01/2013 - 19:26:24 - [0] ----D C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMahjongFR
O43 - CFD: 21/01/2014 - 19:04:55 - [0,002] ----D C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 202 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/01/2014 - 16:41:34 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.24C43E96B8CD8ED0A3885007D8D84E06] - 21/01/2014 - 17:51:42 ---A- . (...) -- C:\snp2uvc-001.raw [614424]
~ Files: 19 Legitimates Filtered in 00mn 42s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.6FD630C654A0339EA5F41D0DA690B443] - 01/01/2014 - 17:39:52 ---A- - C:\Windows\Prefetch\THEHAUNTEDHOUSE.EXE-51A70F98.pf
O45 - LFCP:[MD5.EF6BEAEF148C66D1AE61AA406435C22C] - 05/01/2014 - 11:50:05 ---A- - C:\Windows\Prefetch\MYTHICWONDERS_THEPHILOSOPHERS-B12C759A.pf
O45 - LFCP:[MD5.2EB50302DFB8087AADE1C65666A783DB] - 05/01/2014 - 12:57:51 ---A- - C:\Windows\Prefetch\ESOTERICAHOLLOWEARTH_OG.EXE-587496C9.pf
O45 - LFCP:[MD5.BF77351662BE7F01B6EFF13D48E0DC6E] - 07/01/2014 - 18:07:47 ---A- - C:\Windows\Prefetch\DREAM_HILLS.EXE-14469028.pf
O45 - LFCP:[MD5.9477F719E0293A915EED89C033924B84] - 09/01/2014 - 17:15:21 ---A- - C:\Windows\Prefetch\WITCHESLEGACY_HUNTERANDTHEHUN-C964D900.pf
O45 - LFCP:[MD5.172BEFE6A3EF5DA119F5F1D10890E702] - 10/01/2014 - 17:26:12 ---A- - C:\Windows\Prefetch\WITCHESLEGACY3_HUNTERANDTHEHU-86947E51.pf
O45 - LFCP:[MD5.CB2ED4888630CABBB2B184615C8402BE] - 11/01/2014 - 10:37:29 ---A- - C:\Windows\Prefetch\SETUP_GF8719T1L1_D2233501855_-D7E6E1CB.pf
O45 - LFCP:[MD5.F8D6161357866AAE3AB1C36CC6D8457E] - 12/01/2014 - 17:42:12 ---A- - C:\Windows\Prefetch\HAUNTEDTRAIN_SPIRITSOFCHARONC-4A957207.pf
O45 - LFCP:[MD5.C601F03FFCA8C3E14253D08E588F8D63] - 14/01/2014 - 09:47:19 ---A- - C:\Windows\Prefetch\MIDNIGHT-MACABRE-MYSTERY-OF-T-22A53897.pf
O45 - LFCP:[MD5.374E6E32207DD54549DA3BF72A9434A9] - 14/01/2014 - 09:47:19 ---A- - C:\Windows\Prefetch\MIDNIGHT-MACABRE-MYSTERY-OF-T-28D33056.pf
O45 - LFCP:[MD5.ACA84BC25512DEDD6DA712FAA9A4B484] - 14/01/2014 - 12:50:56 ---A- - C:\Windows\Prefetch\MM_BFG_1-1-14-2.EXE-4AFCE982.pf
O45 - LFCP:[MD5.B0BC4F006EDB875CFC0252E64A8173A3] - 14/01/2014 - 13:46:26 ---A- - C:\Windows\Prefetch\CRUELCOLLECTIONS_THEANYWISHHO-AF96E9DF.pf
O45 - LFCP:[MD5.C3DBD49B91D3319AADB36293EEB02BEA] - 14/01/2014 - 15:37:19 ---A- - C:\Windows\Prefetch\CRUEL-COLLECTIONS-THE-ANY-WIS-ACDB6846.pf
O45 - LFCP:[MD5.6718463E3978FDDC686936EB46012F3A] - 14/01/2014 - 15:37:19 ---A- - C:\Windows\Prefetch\CRUEL-COLLECTIONS-THE-ANY-WIS-B1BA66E5.pf
O45 - LFCP:[MD5.631D86F35230BC08B4DB424AD027C42A] - 14/01/2014 - 15:44:06 ---A- - C:\Windows\Prefetch\SETUP_GF8184T1L1_D2235577298_-6E092213.pf
O45 - LFCP:[MD5.8A2E6B38934F79BBD2E6870647F0F6A1] - 14/01/2014 - 15:49:51 ---A- - C:\Windows\Prefetch\CRUELCOLLECTIONS_THEANYWISHHO-080AFE37.pf
O45 - LFCP:[MD5.137AFA01C775224B54B5239A3A928F39] - 15/01/2014 - 11:45:31 ---A- - C:\Windows\Prefetch\MIDNIGHTMACMYSTERYELEPHANT.EX-7F080693.pf
O45 - LFCP:[MD5.FC6F01F8E460680155812EBE2DB498E2] - 15/01/2014 - 11:50:08 ---A- - C:\Windows\Prefetch\MM_BFG_1-1-14-2.EXE-29A8DEE2.pf
O45 - LFCP:[MD5.F3169509744020A63C361853930B48BB] - 15/01/2014 - 13:32:57 ---A- - C:\Windows\Prefetch\EXCURSIONS-OF-EVIL_S1_L1_GF80-9627B139.pf
O45 - LFCP:[MD5.2A2F16D2A11DE2D485BE209684308E41] - 15/01/2014 - 17:11:13 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.40774894E381D6B1319B13E40D3E019B] - 15/01/2014 - 17:21:19 ---A- - C:\Windows\Prefetch\AICHARGERAP.EXE-60EB3008.pf
O45 - LFCP:[MD5.069F2DDF48D45FDD84A4D298169D20AE] - 16/01/2014 - 08:53:59 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-8FE95EC8.pf
O45 - LFCP:[MD5.DE1FB27DFFB6FCEAE49229B6F50BDFEC] - 16/01/2014 - 09:02:30 ---A- - C:\Windows\Prefetch\AMARANTHINE-VOYAGE-THE-LIVING-B1D63E93.pf
O45 - LFCP:[MD5.4894F0352F68F10D2D9FFA21CD3C9171] - 16/01/2014 - 09:02:30 ---A- - C:\Windows\Prefetch\AMARANTHINE-VOYAGE-THE-LIVING-BDA81AFA.pf
O45 - LFCP:[MD5.76E808EE134E001889A23484D3E61AC6] - 16/01/2014 - 09:05:51 ---A- - C:\Windows\Prefetch\KWTOSEDSBXZZM.EXE-318D4FB4.pf
O45 - LFCP:[MD5.2B3DF7D0EB6A0EF48663C8B136B40A67] - 16/01/2014 - 09:23:05 ---A- - C:\Windows\Prefetch\SETUP_GF8720T1L1_D2236586935_-7EFAEE9E.pf
O45 - LFCP:[MD5.213308265730A7E9855A5CA0E6701400] - 16/01/2014 - 10:03:40 ---A- - C:\Windows\Prefetch\SETUP_GIGASET_QUICKSYNC_8_3_6-40688D72.pf
O45 - LFCP:[MD5.C1F05C59C60EC04A00395ED7A4E51313] - 16/01/2014 - 10:53:18 ---A- - C:\Windows\Prefetch\AMARANTHINE_VOYAGE_THE_LIVING-F924068D.pf
O45 - LFCP:[MD5.447861C6EB0D43509E49714340ABCA8A] - 16/01/2014 - 13:55:38 ---A- - C:\Windows\Prefetch\AMARANTHINEVOYAGELIVINGMOUNTA-AABC932F.pf
O45 - LFCP:[MD5.6B3A84BAD6444FE8F206962AF29D4EE2] - 16/01/2014 - 17:25:11 ---A- - C:\Windows\Prefetch\GQS.UI.EXE-EC3DDDCC.pf
O45 - LFCP:[MD5.251ADF671EBDF62C8D94DE50A3495456] - 16/01/2014 - 18:29:06 ---A- - C:\Windows\Prefetch\PF-SETUP-FR-653.EXE-20809D58.pf
O45 - LFCP:[MD5.AC6107D3EDCD98D2C3F987B12E836669] - 17/01/2014 - 10:44:41 ---A- - C:\Windows\Prefetch\AMARANTHINE_VOYAGE_THE_LIVING-950C81D9.pf
O45 - LFCP:[MD5.0CA6B6C58389B2B3C71A4E77DDF65ADB] - 18/01/2014 - 08:32:27 ---A- - C:\Windows\Prefetch\SHADOWSHELTER.EXE-A4841D0D.pf
O45 - LFCP:[MD5.6A70B2114AD2FE35F82EEBD863553914] - 18/01/2014 - 11:12:00 ---A- - C:\Windows\Prefetch\ORDERLIGHTDEATHLYARTISANCE.EX-18544F81.pf
O45 - LFCP:[MD5.C93A1A99223CEB543BDF036FBC92E0D6] - 18/01/2014 - 18:33:23 ---A- - C:\Windows\Prefetch\SHADOWSHELTER.EXE-639B6E12.pf
O45 - LFCP:[MD5.1DFE435AFB788C4AA7F4A37129BCD22D] - 18/01/2014 - 20:12:47 ---A- - C:\Windows\Prefetch\SHARETWITTER.EXE-E0181B6E.pf
O45 - LFCP:[MD5.93F6FA15A5D27D97608117DA5A955412] - 19/01/2014 - 07:40:33 ---A- - C:\Windows\Prefetch\SCANNER MOUSE.EXE-A8CE9A0C.pf
O45 - LFCP:[MD5.FD199C93E4FD74682A10F018AED6A580] - 19/01/2014 - 17:33:42 ---A- - C:\Windows\Prefetch\ORDEROFTHELIGHT_THEDEATHLYART-A489CE7D.pf
O45 - LFCP:[MD5.ABFBDC2D1B752178879276F1799E9CA7] - 19/01/2014 - 19:23:32 ---A- - C:\Windows\Prefetch\BUNDLE.EXE-3A2B4779.pf
O45 - LFCP:[MD5.795E7A9DAD7B4A7C45FF8397746BE7BD] - 19/01/2014 - 19:23:38 ---A- - C:\Windows\Prefetch\MM-SALEMWITCHTRIALS.EXE-0CCEAF78.pf
O45 - LFCP:[MD5.58FD36D8F072929CC6FBCD67223B3C7D] - 19/01/2014 - 19:41:46 ---A- - C:\Windows\Prefetch\CARDS2.EXE-9119EE3F.pf
O45 - LFCP:[MD5.94404371F41D5BB212DE1B828B1D1429] - 19/01/2014 - 19:53:31 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.B0A446EB91662D924B17D28DDB2CA283] - 20/01/2014 - 11:22:35 ---A- - C:\Windows\Prefetch\PMBPORTABLE.EXE-6537437F.pf
O45 - LFCP:[MD5.9957B5D6AF109DA03134FA5110BBDFFE] - 20/01/2014 - 11:23:41 ---A- - C:\Windows\Prefetch\PMBPINSTALLER.EXE-40801ECC.pf
O45 - LFCP:[MD5.7DA0C21F31EBE381758D72609267CB1A] - 20/01/2014 - 11:24:13 ---A- - C:\Windows\Prefetch\PMBPINSTALLER.EXE-D53D8FB3.pf
O45 - LFCP:[MD5.5D71068B4BF159CD0E9112D88DBE1B04] - 20/01/2014 - 11:24:26 ---A- - C:\Windows\Prefetch\PMBP_WIN57_UPGRADE1208A.EXE-13E0B7AB.pf
O45 - LFCP:[MD5.87C18FDF860B23899193738A0F824FAF] - 20/01/2014 - 11:24:36 ---A- - C:\Windows\Prefetch\PMBPORTABLE.EXE-251514B1.pf
O45 - LFCP:[MD5.B3F0580618E73731FD652FAD8801558B] - 20/01/2014 - 11:24:37 ---A- - C:\Windows\Prefetch\PMBPINSTALLER.EXE-60F4F35B.pf
O45 - LFCP:[MD5.C76D835CF5E067FC7CC5E74E1C746E58] - 20/01/2014 - 11:25:14 ---A- - C:\Windows\Prefetch\PMBPORTABLE.EXE-C917C6BE.pf
O45 - LFCP:[MD5.87542F6293086CD93DEE4F4BE73BC33E] - 20/01/2014 - 11:45:37 ---A- - C:\Windows\Prefetch\DANGEROUSGAMES_PRISONERSOFDES-A7B8613C.pf
O45 - LFCP:[MD5.8562726EEF147BB85646004D281A076B] - 20/01/2014 - 19:26:54 ---A- - C:\Windows\Prefetch\APP.EXE-7BF9C5A3.pf
O45 - LFCP:[MD5.8D7794B9C3209D587BF055131DD732FA] - 20/01/2014 - 19:29:07 ---A- - C:\Windows\Prefetch\APP.EXE-DC4CE086.pf
O45 - LFCP:[MD5.ABC2CE1BB0698FB127B6C9FBB5E84616] - 21/01/2014 - 07:08:26 ---A- - C:\Windows\Prefetch\SHAREFACEBOOK.EXE-7098A3A4.pf
O45 - LFCP:[MD5.120A85CB7516804DC11142041E96C44A] - 21/01/2014 - 09:03:49 ---A- - C:\Windows\Prefetch\MIDNIGHT-CASTLE_S1_L1_GF5489T-2F0D6FCF.pf
O45 - LFCP:[MD5.8920084BB56EA44BED479AB16DFC8485] - 21/01/2014 - 09:03:49 ---A- - C:\Windows\Prefetch\MIDNIGHT-CASTLE_S1_L1_GF5489T-74D729E6.pf
O45 - LFCP:[MD5.1DEB7478D5840058D2EEAA24E71BC7F8] - 21/01/2014 - 09:05:21 ---A- - C:\Windows\Prefetch\SETUP_GF5489T1L1_D2239825522_-0E4D337B.pf
O45 - LFCP:[MD5.F2885615032A96019E6F1531D8C06290] - 21/01/2014 - 09:06:10 ---A- - C:\Windows\Prefetch\MIDNIGHTCASTLE.EXE-146782DF.pf
O45 - LFCP:[MD5.1B54F1EC4E9E97E5E6403481BDCEA3B0] - 21/01/2014 - 11:34:16 ---A- - C:\Windows\Prefetch\MSS.EXE-14744D0B.pf
O45 - LFCP:[MD5.1EB48801F38FE4E034ACCD6D56BE46A4] - 21/01/2014 - 16:38:22 ---A- - C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-40D63F75.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.E24DD5799B55E7D38DE8133FC72C33CC] - 21/01/2014 - 19:33:33 ---A- - C:\Windows\Prefetch\SHTRIGASUMMERCAMP.EXE-F55724B8.pf
O45 - LFCP:[MD5.EF1DDFF5F9866C5F9B56DC90FCC4F524] - 21/01/2014 - 19:34:09 ---A- - C:\Windows\Prefetch\SHTRIGASUMMERCAMP.EXE-8DA1CEA0.pf
O45 - LFCP:[MD5.2D775B9544A289C8A91ECF22CF262DD7] - 21/01/2014 - 20:52:10 ---A- - C:\Windows\Prefetch\PfPre_c1f1db9d.db
O45 - LFCP:[MD5.EFDF0CE50DE7CF6CCB9AFB996E452E8E] - 22/01/2014 - 07:16:44 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-0DF277E1.pf =>Adware.Lollipop
O45 - LFCP:[MD5.99B3D297E241D7952D338CE8EA2E7523] - 22/01/2014 - 07:16:44 ---A- - C:\Windows\Prefetch\VSNP2UVC.EXE-F6B7F0A7.pf
O45 - LFCP:[MD5.5418B8674F16D921266342EB09277D17] - 22/01/2014 - 07:18:34 ---A- - C:\Windows\Prefetch\IMLPP.EXE-468937FB.pf
O45 - LFCP:[MD5.13D8F7B453662C809F11302B4693FF24] - 22/01/2014 - 07:18:38 ---A- - C:\Windows\Prefetch\IMAPP.EXE-BB8E10B4.pf
O45 - LFCP:[MD5.64195A89D47B9919587DE19CA8DD4A83] - 22/01/2014 - 07:18:38 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-32F9B55A.pf
O45 - LFCP:[MD5.E6FEEB4392D6E8A2A0E74CA9510BF645] - 22/01/2014 - 07:18:51 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-8DBD7167.pf
O45 - LFCP:[MD5.60D29CC371F0C6306A047385C55E3203] - 22/01/2014 - 07:19:13 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.7608881F63EE06061FC003022F6BA7B4] - 26/12/2013 - 19:12:06 ---A- - C:\Windows\Prefetch\REDEMPTION_CEMETERY_BITTER_FR-A6348628.pf
O45 - LFCP:[MD5.F73F30DC59FE86FB18284DDE9455CBE6] - 28/12/2013 - 11:50:16 ---A- - C:\Windows\Prefetch\LOVEALCHEMYAHEARTINWINTER_OG.-06C9F4FD.pf
O45 - LFCP:[MD5.90A44E4F89D229BDDFD0867671D8CD52] - 30/12/2013 - 17:38:35 ---A- - C:\Windows\Prefetch\THEEMERALDMAIDEN_SYMPHONYOFDR-68360D57.pf
O45 - LFCP:[MD5.DFF2B154DA33E02929A824F6EFC1A68F] - 31/12/2013 - 15:55:27 ---A- - C:\Windows\Prefetch\HIDDENEXPEDITION_SMITHSONIANH-3CA5B7BA.pf
~ Prefetcher: 194 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.CD3E02718CA7B8AB25A3CA4541FC8B2F] - 11/02/2009 - 12:48:38 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35584]
O58 - SDL:[MD5.ACBF0E3D74660CAC4F2109C6C9DCB156] - 12/03/2009 - 10:21:00 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3552512]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 06:34:42 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 06:34:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:[MD5.FEF9DD9EA587F8886ADE43C1BEFBDAFE] - 24/08/2010 - 08:16:40 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]
O58 - SDL:[MD5.1392B92179B07B672720763D9B1028A5] - 03/08/2010 - 06:21:24 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Brave Giant\DemonHunter\CE\profile\6A616367656F.ach [39426]
O61 - LFC: 20/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Brave Giant\DemonHunter\CE\profile\GlobalProfile.prf [195]
O61 - LFC: 20/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Brave Giant\DemonHunter\CE\profile\Profile_01.prf [818]
O61 - LFC: 20/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Brave Giant\DemonHunter\CE\profile\Save_01.cub [2328881]
O61 - LFC: 20/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Brave Giant\DemonHunter\CE\profile\Save_01_bak.cub [2328881]
O61 - LFC: 20/01/2014 - 07:24:48 ---A- . (...) -- C:\Users\jac\Downloads\DemonHunterChrBeyondUntoldStory.rar [852925764]
O61 - LFC: 20/01/2014 - 07:24:48 ---A- . (...) -- C:\Users\jac\Downloads\PMBP_WIN57_Upgrade1208a.exe [6892672]
O61 - LFC: 21/01/2014 - 07:24:31 ---A- . (...) -- C:\Users\jac\AppData\Local\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg [370952]
O61 - LFC: 21/01/2014 - 07:24:32 ---A- . (...) -- C:\Users\jac\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 21/01/2014 - 07:24:34 ---A- . (...) -- C:\Users\jac\AppData\Local\Google\Chrome\User Data\Local State [54901]
O61 - LFC: 21/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\logo.ico [17542] =>Adware.Lollipop
O61 - LFC: 21/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.dat [2048] =>Adware.Lollipop
O61 - LFC: 21/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616_cfg.lpd [341207] =>Adware.Lollipop
O61 - LFC: 21/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\AlawarEntertainment\GameCartel\Summer Camp\log.sflog [3964]
O61 - LFC: 21/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\AlawarEntertainment\GameCartel\Summer Camp\saves\419167257816429cb641b83a8c791ba4.sav [282973]
O61 - LFC: 21/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\AlawarEntertainment\GameCartel\Summer Camp\saves\options.xml [564]
O61 - LFC: 21/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\AlawarEntertainment\GameCartel\Summer Camp\saves\saves.xml [865]
O61 - LFC: 21/01/2014 - 07:24:44 ---A- . (...) -- C:\Users\jac\AppData\Roaming\AlawarEntertainment\GameCartel\Summer Camp\saves\saves.xml.crc [9]
O61 - LFC: 21/01/2014 - 07:24:45 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Germanicus Head Games\MysteryOfSargassoSea\profiles.xml [120]
O61 - LFC: 21/01/2014 - 07:24:45 ---A- . (...) -- C:\Users\jac\AppData\Roaming\Germanicus Head Games\MysteryOfSargassoSea\profiles\player_2\story.xml [99591]
O61 - LFC: 21/01/2014 - 07:24:47 ---A- . (...) -- C:\Users\jac\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 21/01/2014 - 07:24:47 ---A- . (...) -- C:\Users\jac\AppData\Roaming\ZHP\ZHPDiag.txt [62655] =>.Nicolas Coolman
O61 - LFC: 21/01/2014 - 07:24:47 ---A- . (...) -- C:\Users\jac\Downloads\091014093126641404636577.bmp [64854]
O61 - LFC: 21/01/2014 - 07:24:47 ---A- . (.Setup Process (r).) -- C:\Users\jac\Downloads\AdwCleaner.exe [205168]
O61 - LFC: 21/01/2014 - 07:24:48 ---A- . (.Games.) -- C:\Users\jac\Downloads\ShtrigaSummerCamp.exe [832068835]
O61 - LFC: 21/01/2014 - 07:24:48 -SHA- . (...) -- C:\Users\jac\Downloads\Demon Hunter Chronicles from Beyond - The Untold Story\Thumbs.db [10240]
O61 - LFC: 21/01/2014 - 07:24:48 -SHA- . (...) -- C:\Users\jac\Downloads\Thumbs.db [165888]
O61 - LFC: 22/01/2014 - 07:24:34 ---A- . (...) -- C:\Users\jac\AppData\Local\IM\content.xml [24635]
O61 - LFC: 22/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.bat [324] =>Adware.Lollipop
O61 - LFC: 22/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.exe [3177472] =>Adware.Lollipop
O61 - LFC: 22/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.lpd [3930] =>Adware.Lollipop
O61 - LFC: 22/01/2014 - 07:24:39 ---A- . (...) -- C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616_ps.lpd [1585] =>Adware.Lollipop
O61 - LFC: 22/01/2014 - 07:24:43 ---A- . (...) -- C:\Users\jac\AppData\Local\Scanner Mouse\logs\CPU.csv [0]
O61 - LFC: 22/01/2014 - 07:24:43 ---A- . (...) -- C:\Users\jac\AppData\Local\Scanner Mouse\logs\Memory.csv [0]
O61 - LFC: 22/01/2014 - 07:24:43 ---A- . (...) -- C:\Users\jac\AppData\Local\Scanner Mouse\logs\UsbDeviceList.txt [2442]
O61 - LFC: 22/01/2014 - 07:24:43 ---A- . (...) -- C:\Users\jac\AppData\Local\Scanner Mouse\logs\nImages.csv [0]
O61 - LFC: 22/01/2014 - 07:24:47 ---A- . (...) -- C:\Users\jac\AppData\Roaming\ZHP\Log.txt [64671] =>.Nicolas Coolman
O61 - LFC: 22/01/2014 - 07:24:47 ---A- . (...) -- C:\Users\jac\AppData\Roaming\ZHP\TestsZHPDiag.txt [2775] =>.Nicolas Coolman
~ 55 Fichiers temporaires (Temporary files)
~ Files: 248 Legitimates Filtered in 00mn 21s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:\Users\jac\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][21/01/2014] (...) -- C:\Users\jac\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter
~ Files: 2 Legitimates Filtered in 00mn 02s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{0A591617-923B-4EEA-870B-7D77847DA499}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{9FFB1E99-04C5-46C6-940C-2E02DEA49B94}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "UDP Query User{F4EB0C9F-5388-47E9-BD42-AFF3ED3F6B67}C:\windows\syswow64\lxdicoms.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\syswow64\lxdicoms.exe (.not file.)
O87 - FAEL: "TCP Query User{668AF184-0FE5-406E-8A30-2CAC39721579}C:\windows\syswow64\lxdicoms.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\syswow64\lxdicoms.exe (.not file.)
O87 - FAEL: "UDP Query User{DCD781AB-2FD5-44AF-8437-CC4441E95E3F}C:\windows\system32\lxdicoms.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\system32\lxdicoms.exe (.not file.)
O87 - FAEL: "TCP Query User{EF412E6C-C717-409D-908F-85DB149D6927}C:\windows\system32\lxdicoms.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\system32\lxdicoms.exe (.not file.)
O87 - FAEL: "UDP Query User{62215CBC-2E1B-420A-BCB4-DF33CBA59A22}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe (.not file.)
O87 - FAEL: "TCP Query User{157999F7-7C03-4253-9604-B00C813DF46B}C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\system32\spool\drivers\x64\3\lxdipswx.exe (.not file.)
O87 - FAEL: "{F5130460-D1B0-4527-8AD5-CDA070BC78C1}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{09AF5763-5D23-436E-ACEF-9E7283052BAD}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{186ECB5F-AECE-4523-81B1-844557E4D81B}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{CC2E5A20-5A49-44A9-BC4A-A4D81CB52E19}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{D4CAB0A6-2A9B-4AA1-914C-B28628180936}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{281D02C3-EE4E-434C-81D0-82F8B3E5B734}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{2CE06118-8763-4241-8E01-7CDDEF8C6238}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{695F03D1-A2A0-414D-8014-BBF23C00C66D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{806D4B49-69AB-4097-B280-84ACE71EC244}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxdijswx.exe (.not file.)
O87 - FAEL: "{18C052CF-18F5-4C00-A38D-923D8A2DA2CE}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxdijswx.exe (.not file.)
O87 - FAEL: "{480AF11E-FC55-414C-B115-3929391DE629}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxditime.exe (.not file.)
O87 - FAEL: "{BC467641-A04F-47E2-A1BD-FADAC5515877}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxditime.exe (.not file.)
O87 - FAEL: "{9583BEC0-7CBF-40AF-A026-F454F60B86FE}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe (.not file.)
O87 - FAEL: "{EA145667-AB77-49B0-B1D0-175806A7A46A}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe (.not file.)
O87 - FAEL: "{67F1AB1A-5828-417E-85B4-6050A8CAE477}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\lxdicoms.exe (.not file.)
O87 - FAEL: "{A7E229EE-53EF-4178-8473-8F7019F67FF7}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\lxdicoms.exe (.not file.)
O87 - FAEL: "{31DE08F1-1205-422B-BA7E-28C29FCB3C8E}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\lxdicoms.exe (.not file.)
O87 - FAEL: "{5DAF42B5-8099-4177-B5AD-DDD2B98FFD11}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\lxdicoms.exe (.not file.)
~ Firewall: 304 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D2147365007A7A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-00A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira
O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- C:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
O90 - PUC: "bfc8e94b490f764429a5792c9327bc05" . (.Gigaset QuickSync.) -- C:\WINDOWS\Installer\{b49e8cfb-f094-4467-925a-97c23972cb50}\ARPPRODUCTICON.exe
~ Update Products: 133 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E4998D930DCD77ACEB8690DEBE386D0B] [WIS][28/01/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\1102817.msi [2837504]
[MD5.A319C9E3D8C64E8E8CDBD681729AD0B4] [WIS][22/01/2013] (.Dacuda - Scanner Mouse ScanApp-Master-1.7.0.215.msi.) -- C:\Windows\Installer\194e1d9.msi [35864576]
[MD5.EACFF4CBE1EC3A8212663F0FF397034F] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\2819f74.msi [813568] =>Toolbar.Avira
~ WIS: 128 Legitimates Filtered in 00mn 07s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 01/06/2012 920736 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
SS - | Demand 01/06/2012 951936 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
SS - | Demand 17/02/2012 149120 | (AsSysCtrlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
SS - | Demand 26/04/2011 2702848 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
SS - | Auto 14/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 09/10/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 28/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 20/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SR - | Auto 20/12/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 24/05/2011 1840128 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/11/2013 137528 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
SR - | Auto 31/07/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 02/09/2011 65657 | (PST Service) . (.Motorola.) - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
SR - | Auto 31/07/2012 382312 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 06/07/2012 27792 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by jac at 22/01/2014 07:25:58
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jac at 22/01/2014 07:26:00

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 24
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_01220616] =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =>Adware.VidSaver
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:lollipop_01220616 =>Adware.Lollipop^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh =>Toolbar.Avira^
C:\ProgramData\Trymedia =>Adware.Trymedia^
C:\Users\jac\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\jac\AppData\Local\Updater19962 =>PUP.CrossRider^
C:\Users\jac\AppData\Local\Updater27096 =>PUP.CrossRider^
C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games =>Adware.iWinArcade
C:\Users\jac\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Users\jac\AppData\Local\Lollipop\lollipop_01220616.exe =>Adware.Lollipop^
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
[HKCU\Software\IEAdsBlocker] =>PUP.YrJieGames^
C:\Users\jac\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
C:\Windows\Installer\2819f74.msi =>Toolbar.Avira^
~ Additionnel Scan: 274510 Items scanned in 00mn 12s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/35904936-pup-yrjiegames =>PUP.YrJieGames
~ http://nicolascoolman.webs.com/apps/blog/show/29710349-adware-trymedia =>Adware.Trymedia
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ MSI: 10 link(s) detected in 00mn 12s



~ 1625 Legitimates filtered by white list
End of the scan (716 lines in 03mn 19s)(0)
