
~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par CC (02/02/2014 21:06:10)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (15% free)
System Restore: Activé (Enable)
System drive C: has 38 GB (8%) free of 454 GB

---\\ Mode de connexion au système
~ Computer Name: PCCC
~ User Name: CC
~ All Users Names: Julie, CCadmin, CC, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\CC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\CC\AppData\Roaming\
~ %Desktop% : C:\Users\CC\Desktop\
~ %Favorites% : C:\Users\CC\Favorites\
~ %LocalAppData% : C:\Users\CC\AppData\Local\
~ %StartMenu% : C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 38 Go of 454 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 12 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.60CA010B705660542FB33B43C3653BA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/11/2013 - 02:29:03.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.2BA159E1F9FD75F6A496742B20F1D9CF] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 03:31:51.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:47:27.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1771
~ Mes musiques (My Musics) : 0/6
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 4/937
~ Mon Bureau (My Desktop) : 0/10
~ Menu demarrer (Programs) : 1/60
~ Hidden Files: Scanned in 00mn 17s



---\\ Processus lancés
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392] [PID.3624]
[MD5.DF105989C770C6AB43970A2CC0B9561A] - (.Pas de propriétaire - Logiciel Wallpaper.) -- C:\Program Files (x86)\Wallpaper\Wallpaper.exe [233472] [PID.3632]
[MD5.1D35A47798F2A17A3C4010DEC372839D] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904] [PID.3644]
[MD5.6EEF6C498498CF1E98422A902E0F70A1] - (.SourceForge.net - Password Safe Application.) -- C:\Program Files (x86)\Password Safe\pwsafe.exe [3825152] [PID.3680]
[MD5.26DBC63479E11D54D0C0D2A38D543E69] - (.Pas de propriétaire - OSD MFC Application.) -- C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe [2199552] [PID.3744]
[MD5.6EA567154345511AFAABA045E1B92202] - (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe [463360] [PID.3752]
[MD5.12FD7C1EADDDA10A67B1D6F905B3CC1E] - (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016] [PID.3760]
[MD5.42CD386F16D943E1F89A3D7891F8AD24] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816] [PID.3768]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Users\CC\AppData\Local\Google\Chrome\Application\chrome.exe [866584] [PID.3356]
[MD5.5138013F145ED88A5AB60F67E852EC1F] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [399736] [PID.3732] =>P2P.BitTorrent
[MD5.4614A8098872CB9E14FE32C89EDE9BB9] - (.Google - Hangouts Plugin.) -- C:\Users\CC\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64008] [PID.15284]
[MD5.8911702CC546B76FE8F9C61987C68C43] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222720] [PID.18124]
[MD5.D319D6875772B5ED94B6D101B8377496] - (...) -- C:\Windows\SysWOW64\OSDFORM.exe [102400] [PID.29000]
[MD5.870F2231CF74C05FCFA87964A97F83B1] - (.Adobe Systems, Incorporated - Photoshop Elements 12 Editor.) -- C:\Program Files (x86)\Adobe\Photoshop Elements 12\PhotoshopElementsEditor.exe [39413152] [PID.40920]
[MD5.36FDB8C775B1F7D2069B8C8D0CD09084] - (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [1465920] [PID.70024]
[MD5.2D821AFA5A1A9CA7F9F997A1AAD09E72] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [168960] [PID.70152]
[MD5.05F2F2533E9F59B71CCA67AFF33EADA0] - (.Just Great Software - EditPad Lite.) -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe [2544896] [PID.69864]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.41580]
[MD5.C711ED965009BDCFF9AA62CEB6FF1AAD] - (.brother Industries Ltd - brsvc01a.) -- C:\Windows\SysWOW64\brsvc01a.exe [57344] [PID.1284]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1624]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1688]
[MD5.F01964D14C12496F5297B8C2E16CEFA1] - (.brother Industries Ltd - brss01a.exe.) -- C:\Windows\SysWOW64\brss01a.exe [45056] [PID.1948]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1976]
[MD5.AE6C778717DE2F6B0C0B5335036D3363] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [430136] [PID.1192]
[MD5.6AF12011C88C80920D0543616E107CFF] - (...) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760] [PID.2420]
[MD5.E9F2657D05ED097EAEAA329C9B0C93B7] - (...) -- C:\Program Files (x86)\Video-Saver\video-saver152.exe [165888] [PID.2468]
[MD5.BF3818B441955E4D438EC72F06F1FE61] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600] [PID.324]
[MD5.430C19CB511FD6E0DDCD44B42B1810DA] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 12.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152] [PID.324]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe [866584] [PID.3356]
[MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Users\Julie\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.17312]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\CC\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [haocganpkafanhkfldbbmhcpaelmkejg] Hedgehog in the fog v.3 (Activé)
G2 - GCE: Preference [User Data\Default] [jgoepmocgafhnchmokaimcmlojpnlkhp] Bouton +1 de Google v.1.2.0.329 (Activé)
G2 - GCE: Preference [User Data\Default] [mcceagdollnkjlogmdckgjakjapmkdjf] Download Master v.4.0.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ponjkmladgjfjgllmhnkhgbgocdigcjm] App Launcher Customizer for Google v.1.1.5, (Activé)
~ Google Browser: 29 Legitimates Filtered in 00mn 42s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\bcyxpor4.default\prefs.js
M3 - MFPP: Plugins - [CC] -- C:\Users\CC\AppData\Roaming\Mozilla\Firefox\Profiles\bcyxpor4.default\searchplugins\wikipedia-eng.xml
M3 - MFPP: Plugins - [CC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\acpro.xml
P2 - FPN:Firefox Plugin Navigator . (.BitTorrent, Inc. - BitTorrent Plugin 1.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npbittorrent.dll =>P2P.BitTorrent
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.1] - (.Pas de propriétaire - Provides additional functionality on Facebook. See
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Content Transfer.lnk . (.Sony Corporation - Content Transfer.) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransfer.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Kipicam.lnk . (.William SANCHEZ - Kipicam.) -- C:\Program Files (x86)\Kipicam\Kipicam.exe
O4 - GS\Desktop [Public]: Menus.lnk . (.RL Vision - Pas de description.) -- C:\Program Files (x86)\DinnerWiz\DinnerWiz.exe
O4 - GS\Desktop [Public]: NWZ-W250 WALKMAN Guide.lnk . (.Sony Corporation - WALKMAN Guide.) -- C:\Program Files (x86)\Sony\WALKMAN Guide\NWZ-W250\WALKMANGuide.exe
O4 - GS\Program [Public]: SyncToy 2.1(x64).lnk . (...) -- C:\Windows\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe
O4 - GS\Program [Public]: Windows Journal.lnk . (...) -- C:\Program Files (x86)\Windows Journal\Journal.exe (.not file.)
O4 - GS\QuickLaunch [Julie]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\CC\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Julie]: iTunes - Raccourci.lnk . (.Apple Inc. - iTunes.) -- C:\Program Files (x86)\iTunes\iTunes.exe
O4 - GS\QuickLaunch [Julie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Julie]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Julie]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Julie]: Music - Raccourci.lnk . (...) -- C:\Users\CC\Music
O4 - GS\Desktop [Julie]: Photos - Stock.lnk . (...) -- C:\Users\CC\Google Drive\Photos
O4 - GS\Desktop [Julie]: Photos En cours classement.lnk . (...) -- C:\Users\CC\Pictures\Import
O4 - GS\QuickLaunch [CCadmin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [CCadmin]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [CCadmin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [CCadmin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [CCadmin]: Handbrake.lnk . (.HandBrake - HandBrake.) -- C:\Program Files (x86)\Handbrake\Handbrake.exe
O4 - GS\QuickLaunch [CC]: Deskpins.lnk . (.Elias Fotinis - DeskPins application.) -- C:\Program Files (x86)\DeskPins\DeskPins.exe
O4 - GS\QuickLaunch [CC]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\CC\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [CC]: iTunes.exe - Raccourci.lnk . (.Apple Inc. - iTunes.) -- C:\Program Files (x86)\iTunes\iTunes.exe
O4 - GS\Program [CC]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [CC]: EditPad Lite.lnk . (.Just Great Software - EditPad Lite.) -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe
O4 - GS\Desktop [CC]: DSAssistant.lnk . (...) -- C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe
O4 - GS\Desktop [CC]: Handbrake.lnk . (.HandBrake - HandBrake.) -- C:\Program Files (x86)\Handbrake\Handbrake.exe
O4 - GS\Desktop [CC]: Options d'alimentation - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [CC]: TubeMaster++.lnk . (.GgSofts - Multimedia Capture Tool.) -- C:\Program Files (x86)\TubeMaster++\tm++.exe
~ Global Startup: 62 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [CC]: Password Safe.lnk . (.SourceForge.net - Password Safe Application.) -- C:\Program Files (x86)\Password Safe\pwsafe.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Wallpaper] . (.Pas de propriétaire - Logiciel Wallpaper.) -- C:\Program Files (x86)\Wallpaper\Wallpaper.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CAHeadless] . (.Adobe Systems Incorporated - ElementsAutoAnalyzer.) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
O4 - HKLM\..\Wow6432Node\Run: [SoundMAX] . (.Analog Devices, Inc. - SoundMAX Audio Settings (32-bit).) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
O4 - HKLM\..\Wow6432Node\Run: [Buttons & OSDs control application gen2] . (.Pas de propriétaire - OSD MFC Application.) -- C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe
O4 - HKLM\..\Wow6432Node\Run: [HP KEYBOARD] . (.Hewlett-Packard - Keyboard & Mouse Battery volume Detection.) -- C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.exe
O4 - HKLM\..\Wow6432Node\Run: [ContentTransferWMDetector.exe] . (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Wow6432Node\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\Run: [Wallpaper] . (.Pas de propriétaire - Logiciel Wallpaper.) -- C:\Program Files (x86)\Wallpaper\Wallpaper.exe
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\Run: [CAHeadless] . (.Adobe Systems Incorporated - ElementsAutoAnalyzer.) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKUS\S-1-5-21-4154590487-1511992936-3810515737-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} ((no name)) - http://quickscan.bitdefender.com/qsax/qsax64.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9896E12-19C9-4A4F-B935-1EFA50D2DE63}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9896E12-19C9-4A4F-B935-1EFA50D2DE63}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{C9896E12-19C9-4A4F-B935-1EFA50D2DE63}: NameServer = 8.8.8.8,8.8.4.4
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Video-Saver (video-saver) . (...) - C:\Program Files (x86)\Video-Saver\video-saver152.exe
~ Services: 15 Legitimates Filtered in 00mn 20s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0A24DC49-107A-4F6E-B86C-AAAFFD9149A1}] (...) -- C:\Users\CC\Videos\Tri\OmniPage v17 Professional Cracked\AutoRun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E03EE736-92CD-4878-9035-C636FC83D62F}] (...) -- C:\Users\CC\Downloads\WallpaperSetup.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: Buttons & OSDs control application gen2 - (...) [HKLM][64Bits] -- {5A627DFB-EA4C-4FFA-B711-69E849FB40D8}
O42 - Logiciel: DinnerWiz 2.11 - (.RL Vision.) [HKLM][64Bits] -- DinnerWiz_is1
~ Logic: 22 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Jim Willsher]
[HKCU\Software\Live Downloader]
[HKCU\Software\TroegerSoft]
[HKCU\Software\WaveNotify]
[HKCU\Software\gourmet]
~ Key Software: 407 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/02/2012 - 11:45:53 - [1,315] ----D C:\Program Files (x86)\DinnerWiz
O43 - CFD: 02/02/2014 - 11:07:53 - [0,068] ----D C:\Program Files (x86)\EasyPhotoUploader
O43 - CFD: 06/02/2010 - 19:25:06 - [6,772] ----D C:\Program Files (x86)\PocketDixXEncoder
O43 - CFD: 14/03/2010 - 14:17:14 - [0,007] ----D C:\Program Files (x86)\RapidList
O43 - CFD: 26/02/2012 - 11:47:56 - [0,005] ----D C:\ProgramData\RL Vision
O43 - CFD: 12/03/2009 - 22:56:31 - [0,004] ----D C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534}
O43 - CFD: 22/12/2010 - 02:19:37 - [0,007] ----D C:\Users\CC\AppData\Roaming\fdrtools.com
O43 - CFD: 06/12/2008 - 00:49:57 - [2,753] ----D C:\Users\CC\AppData\Roaming\gourmet
O43 - CFD: 16/02/2010 - 00:05:47 - [0] ----D C:\Users\CC\AppData\Roaming\Live Downloader
O43 - CFD: 14/03/2010 - 22:28:29 - [0] ----D C:\Users\CC\AppData\Roaming\SynoSurveillance
O43 - CFD: 31/01/2014 - 07:03:40 - [1,224] ----D C:\Users\CC\AppData\Local\genienext
O43 - CFD: 15/02/2010 - 21:38:05 - [5,341] ----D C:\Users\CC\AppData\Local\WaveNotify
O43 - CFD: 30/01/2010 - 15:28:36 - [0,006] ----D C:\Users\CC\AppData\Local\Z-Systems
O43 - CFD: 17/08/2013 - 20:47:25 - [0,056] ----D C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bureautique
O43 - CFD: 17/08/2013 - 20:47:38 - [0,004] ----D C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Réseau
O43 - CFD: 02/02/2014 - 20:48:51 - [0,003] ----D C:\Users\CC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sécurité
~ Program Folder: 288 Legitimates Filtered in 03mn 23s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/02/2014 - 10:08:42 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]
O44 - LFC:[MD5.0A34066D56D57C0DA73BFFC1E4169FF2] - 02/02/2014 - 11:12:49 ---A- . (...) -- C:\Windows\wininit.ini [85]
~ Files: 12 Legitimates Filtered in 00mn 04s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro36.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro36.sys
~ CSB: 14 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{16557550-fa24-11e2-aecb-00221533a59b}\AutoRun\command. (...) -- H:\WD SmartWare.exe (.not file.)
O51 - MPSK:{b13d5d8d-8d7d-11dd-ad89-00218663e388}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 06s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.3AD4B78ECBAB5673515F0B466D126348] - 15/02/2008 - 16:20:10 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [497152]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 16/08/2013 - 19:02:02 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 16/08/2013 - 19:02:03 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 16/08/2013 - 19:02:03 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.BACD4306403695374373FB43D506EB1E] - 11/06/2008 - 03:15:58 ---A- . (...) -- C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [321920]
O58 - SDL:[MD5.40014A6251A68D1EC48001B1653CCEE0] - 21/01/2008 - 03:47:30 ---A- . (...) -- C:\Windows\System32\Drivers\bdasup.sys [15616]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 18/09/2006 - 22:30:18 ---A- . (...) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19/09/2006 - 12:42:33 ---A- . (...) -- C:\Windows\System32\Drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.856A52DDFD1EDED8DA13649579831C48] - 18/02/2011 - 07:20:32 ---A- . (.Windows (R) Win 7 DDK provider - Synology Virtual USB Hub.) -- C:\Windows\System32\Drivers\busenum.sys [56160]
O58 - SDL:[MD5.264CEE7B031A9D6C827F3D0CB031F2FE] - 21/01/2008 - 03:46:56 ---A- . (...) -- C:\Windows\System32\Drivers\E1G6032E.sys [146176]
O58 - SDL:[MD5.C4636D6E10469404AB5308D9FD45ED07] - 21/01/2008 - 03:46:59 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [397368]
O58 - SDL:[MD5.8E98D21EE06192492A5671A6144D092F] - 21/08/2012 - 13:01:20 ---A- . (...) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240]
O58 - SDL:[MD5.603F4C5E89B67331DDACECAA6C231CB1] - 03/07/2013 - 03:22:30 ---A- . (...) -- C:\Windows\System32\Drivers\hidparse.sys [31616]
O58 - SDL:[MD5.C6FF685E2EA55C3AC5C90B9E7D6930C0] - 21/02/2012 - 20:24:22 ---A- . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro36.sys [25160]
O58 - SDL:[MD5.63C766CDC609FF8206CB447A65ABBA4A] - 02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [37480]
O58 - SDL:[MD5.1281FE73B17664631D12F643CBEA3F59] - 02/11/2006 - 13:02:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [37480]
O58 - SDL:[MD5.1D419CF43DB29396ECD7113D129D94EB] - 21/01/2008 - 03:49:00 ---A- . (...) -- C:\Windows\System32\Drivers\ksthunk.sys [20864]
O58 - SDL:[MD5.B2085E335F2B57077B0CBADB6F1245CD] - 07/10/2009 - 09:45:36 ---A- . (...) -- C:\Windows\System32\Drivers\lvpopf64.sys [271640]
O58 - SDL:[MD5.0EA73E498F53B96D83DBFCA074AD4CF8] - 21/01/2008 - 03:49:52 ---A- . (...) -- C:\Windows\System32\Drivers\mskssrv.sys [11008]
O58 - SDL:[MD5.52E59B7E992A58E740AA63F57EDBAE8B] - 02/11/2006 - 10:37:30 ---A- . (...) -- C:\Windows\System32\Drivers\mspclock.sys [7040]
O58 - SDL:[MD5.49084A75BAE043AE02D5B44D02991BB2] - 02/11/2006 - 10:37:30 ---A- . (...) -- C:\Windows\System32\Drivers\mspqm.sys [6656]
O58 - SDL:[MD5.86D632D75D05D5B7C7C043FA3564AE86] - 21/01/2008 - 03:49:52 ---A- . (...) -- C:\Windows\System32\Drivers\mstee.sys [7936]
O58 - SDL:[MD5.093DCD56DA1B3801AA9689F0628BAB7D] - 24/06/2008 - 12:32:00 ---A- . (...) -- C:\Windows\System32\Drivers\nvlddmkm.sys [9573792]
O58 - SDL:[MD5.B5B1CE65AC15BBD11C0619E3EF7CFC28] - 11/04/2009 - 06:39:49 ---A- . (...) -- C:\Windows\System32\Drivers\ohci1394.sys [72448]
O58 - SDL:[MD5.B0C2CEA708685E8AD10F028211A2D973] - 05/05/2008 - 14:05:02 ---A- . (.Pas de propriétaire - Buttons and OSDs ACPI driver gen2.) -- C:\Windows\System32\Drivers\OSDACPI.SYS [15928]
O58 - SDL:[MD5.105373D52E71D2D1355AD3ACD18259C3] - 31/07/2012 - 11:42:48 ---A- . (...) -- C:\Windows\System32\Drivers\ssudbus.sys [102240]
O58 - SDL:[MD5.74425FFA11C133D045E1C3BE2EAD481D] - 31/07/2012 - 11:42:48 ---A- . (...) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104]
O58 - SDL:[MD5.EB69069B969F4252A3BDE2BB3621811E] - 11/04/2009 - 06:39:31 ---A- . (...) -- C:\Windows\System32\Drivers\stream.sys [68224]
O58 - SDL:[MD5.697F0446134CDC8F99E69306184FBBB4] - 21/01/2008 - 03:46:56 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [284728]
O58 - SDL:[MD5.31707F09846056651EA2C37858F5DDB0] - 02/11/2006 - 12:50:54 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [148072]
O58 - SDL:[MD5.85E5E43ED5B48C8376281BAB519271B7] - 21/01/2008 - 03:46:52 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series x64 Windows Driver.) -- C:\Windows\System32\Drivers\ulsata2.sys [174696]
O58 - SDL:[MD5.43228F8EDD1B0BCDD3145AD246E63D39] - 28/09/2012 - 10:32:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [53760]
O58 - SDL:[MD5.D46BDF1C810138E2D3B985FA3A7AB05E] - 11/04/2009 - 06:39:40 ---A- . (...) -- C:\Windows\System32\Drivers\USBCAMD2.sys [32640]
O58 - SDL:[MD5.7BCE39EE2B61BC3A17E80BC0583F6797] - 29/06/2013 - 03:25:14 ---A- . (...) -- C:\Windows\System32\Drivers\usbd.sys [7552]
O58 - SDL:[MD5.BF7A051DCCBA57C95541135B29CE0FB4] - 12/07/2013 - 10:19:36 ---A- . (...) -- C:\Windows\System32\Drivers\usbvideo.sys [168960]
O58 - SDL:[MD5.FEF8FE5923FEAD2CEE4DFABFCE3393A7] - 02/11/2006 - 10:40:24 ---A- . (...) -- C:\Windows\System32\Drivers\wacompen.sys [26624]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 23/12/2011 - 20:58:18 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032]
~ Drivers: 18 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B295634FCF82048F3006F0E28354BCB8] [SPRF][20/01/2014] (...) -- C:\ProgramData\nvModes.dat [41855]
[MD5.E311CCF87DFF9C3D3A36F9B9FE31F4BD] [SPRF][26/10/2008] (...) -- C:\Users\CC\AppData\Local\cqdlhuc.bat [89]
[MD5.D8C56575C65AAC4A134FFA3C559FA900] [SPRF][12/09/2012] (...) -- C:\Users\CC\AppData\Local\d3d9caps.dat [680]
[MD5.D385C5D7A310925BA79F1966AB4321C0] [SPRF][09/04/2011] (...) -- C:\Users\CC\AppData\Local\d3d9caps64.dat [732]
[MD5.8B87FD758CF6C3078705B2A2FB5225C0] [SPRF][10/01/2009] (...) -- C:\Users\CC\AppData\Local\fusioncache.dat [90]
[MD5.12BCBE9765FF1A160F6C1C77AC14373C] [SPRF][01/02/2014] (...) -- C:\Users\CC\AppData\Local\Temp\~gu3-ver.dat [106]
[MD5.E538C7ED34BA783A7BAB272BE62DB1DA] [SPRF][01/02/2014] (...) -- C:\Users\CC\AppData\Local\Temp\~upgrade.dat [1094]
[MD5.E91DF7B9F568D4344819B58BB554E74C] [SPRF][08/03/2011] (...) -- C:\Windows\Downloaded Program Files\JuniperExt.exe [398704]
[MD5.167BA403FE81B5BEDCB7E8C7233B680A] [SPRF][08/03/2011] (...) -- C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe [42896]
~ Files: 12 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "7B7A08D910CDD584EA3917D055B9C565" . (.Elements 12 Organizer.) -- C:\Windows\Installer\{9D80A7B7-DC01-485D-AE93-710D559B5C56}\ARPPRODUCTICON.exe
~ Update Products: 106 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.08D4F3026EBF9139208ED7D28C32BC11] [WIS][05/01/2009] (.Synology Inc. - Synology Download Redirector.) -- C:\Windows\Installer\12ac99e.msi [133120]
[MD5.FA0DE1890E5FE5C32DFB6CAE6E1A7B28] [WIS][17/06/2009] (.Synology Inc. - Synology Data Replicator II.) -- C:\Windows\Installer\c04b58.msi [220672]
~ WIS: 112 Legitimates Filtered in 00mn 15s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 22/02/2012 3045688 | (a2AntiMalware) . (.Emsi Software GmbH.) - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/1658 0 | (aspnet_state) . (...) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SS - | Demand 01/11/2009 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 01/11/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/11/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 10/07/1658 0 | (HP Health Check Service) . (...) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Disabled 03/05/2008 101376 | (HP Touch Screen Enhance) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.exe
SS - | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 10/07/1658 0 | (rpcapd) . (...) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 06/08/2007 404480 | (SynoDrService) . (...) - C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 17/09/2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 25/09/2013 181152 | (AdobeActiveFileMonitor12.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/10/2007 89600 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 13/06/2004 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\SysWOW64\brsvc01a.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 24/06/2008 51200 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 24/08/2011 430136 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
SR - | Auto 18/02/2011 245760 | (UsbClientService) . (...) - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
SR - | Auto 01/02/2014 165888 | (video-saver) . (...) - C:\Program Files (x86)\Video-Saver\video-saver152.exe
SR - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 19s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 362077 Items scanned in 00mn 59s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ MSI: 3 link(s) detected in 00mn 59s



~ 1377 Legitimates filtered by white list
End of the scan (532 lines in 06mn 59s)(0)