Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2014.4.17.28 - Nicolas Coolman (17/04/2014)
~ Lancé par Thib (17/04/2014 19:16:11)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 92C43
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8
---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1475 MB (12% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (27%) free of 60 GB
---\\ Mode de connexion au système
~ Computer Name: THIBAULT
~ User Name: Thib
~ All Users Names: Thib, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Thib\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Thib\AppData\Roaming\
~ %Desktop% : C:\Users\Thib\Desktop\
~ %Favorites% : C:\Users\Thib\Favorites\
~ %LocalAppData% : C:\Users\Thib\AppData\Local\
~ %StartMenu% : C:\Users\Thib\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 60 Go)
D: Hard drive, Flash drive, Thumb drive (Free 394 Go of 395 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 13:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 10:11:56.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/02/2014 - 10:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 10:20:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/03/2014 - 04:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:11:06.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 16:44:13.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mon Bureau (My Desktop) : 1/38
~ Menu demarrer (Programs) : 1/20
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.9C1BDB837A2DA4FFC60CB61CEEA3E334] - (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800] [PID.4024]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.1312]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.4348]
[MD5.738CB65FF16ED1F23C585EFFDE41AE5C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8215040] [PID.4384]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 04s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Additional Information.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Addendum\TREXLauncher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe
O4 - GS\Desktop [Public]: True Image 2013.lnk . (.Acronis - Acronis True Image.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
O4 - GS\Desktop [Public]: WD Security.lnk . (.Western Digital - WD Security.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveSecurity.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Thib]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Thib]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\TaskBar [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Thib]: Auslogics Disk Defrag Professional.lnk . (.Auslogics - Disk Defrag Professional.) -- C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe
~ Global Startup: 54 Legitimates Filtered in 00mn 07s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Function Key Main Module.) -- C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TSSSrv] . (.TOSHIBA Corporation - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Wow6432Node\Run: [1.TPUReg] . (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [AcronisTibMounterMonitor] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 01s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DTS APO Service (dts_apo_service) . (.Pas de propriétaire - dts_apo_service.) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
~ Services: 12 Legitimates Filtered in 00mn 25s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (aswBoot.exe /M:101e756c /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/03/2014 - 14:58:39 - [0,001] ----D C:\ProgramData\9ec9c0493be11564
O43 - CFD: 11/01/2014 - 19:52:48 - [0] ----D C:\ProgramData\APN
O43 - CFD: 26/03/2014 - 15:07:10 - [0,007] ----D C:\ProgramData\topDeal
O43 - CFD: 11/02/2014 - 18:06:14 - [1,689] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieSiteList
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieUserList
~ Program Folder: 124 Legitimates Filtered in 00mn 27s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 15/04/2014 - 13:14:55 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387210]
O44 - LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] - 15/04/2014 - 13:33:59 ---A- . (...) -- C:\Windows\System32\srms.dat [50053]
O44 - LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] - 15/04/2014 - 13:34:09 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [11109]
O44 - LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-suggestions.searchconnector-ms [7762]
O44 - LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-zeroinput.searchconnector-ms [7130]
O44 - LFC:[MD5.DE461B86C05946D10E519F512D09E389] - 15/04/2014 - 13:34:51 ---A- . (...) -- C:\Windows\System32\RacRules.xml [100197]
O44 - LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] - 15/04/2014 - 13:36:12 ---A- . (...) -- C:\Windows\System32\WimBootCompress.ini [2255]
O44 - LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] - 15/04/2014 - 13:39:32 ---A- . (...) -- C:\Windows\System32\dfpinc.dat [262335]
O44 - LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - 15/04/2014 - 13:44:14 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [139600]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 15/04/2014 - 15:26:40 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.4AA7852BD80E94539012D434C9D7E062] - 17/04/2014 - 12:00:17 ---A- . (...) -- C:\Windows\System32\spu_storage.bin [65536]
~ Files: 567 Legitimates Filtered in 02mn 01s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.87230FC16DC1DA25B00A203C53571E27] - 12/04/2014 - 18:32:22 ---A- - C:\Windows\Prefetch\CHROMERECOVERY.EXE-0A140A5C.pf
O45 - LFCP:[MD5.CBDFB2D3F9CC681EBFB5CDF87C7AB489] - 15/04/2014 - 11:52:15 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.FD2411ABD27754F383AA7A2EBFCB2CAD] - 15/04/2014 - 14:01:24 ---A- - C:\Windows\Prefetch\INSTUP.EXE-25E24300.pf
O45 - LFCP:[MD5.E605E40110929D704ECAD482F7E338DB] - 15/04/2014 - 16:04:19 ---A- - C:\Windows\Prefetch\ONEDRIVEREBRAND.EXE-B469944A.pf
O45 - LFCP:[MD5.8B67FD841CDA0238A4D3C5B61C822C31] - 15/04/2014 - 16:07:06 ---A- - C:\Windows\Prefetch\TSSSRV.EXE-E86A7BE1.pf
O45 - LFCP:[MD5.D020F1BE5280B84F2E9CA15D0803BDDC] - 15/04/2014 - 16:07:27 ---A- - C:\Windows\Prefetch\READLM.EXE-DD0A7195.pf
O45 - LFCP:[MD5.0A7016288C5A1655BED65FAC8667381C] - 15/04/2014 - 16:20:52 ---A- - C:\Windows\Prefetch\PRESENTATION.EXE-4649D937.pf
O45 - LFCP:[MD5.14E298740C602BB53A3795581D770482] - 15/04/2014 - 16:29:12 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.203DC172CDCD0BCCBCD9AA091FD5D22B] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER32.EXE-4D6768AE.pf
O45 - LFCP:[MD5.1226FA4C62359B722B8860D2547F662E] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER64.EXE-A46A316F.pf
O45 - LFCP:[MD5.28BFF3AD1C125022406181EC20120099] - 17/04/2014 - 05:10:51 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.2DA989EC40BFBC156D8F4A0C5EC79DA8] - 17/04/2014 - 08:29:25 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.B31E5C7FDDEB9FDA023E43B373FE732A] - 17/04/2014 - 17:35:22 ---A- - C:\Windows\Prefetch\PfPre_967ce262.db
~ Prefetcher: 13 Legitimates Filtered in 00mn 03s
---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 15/04/2014 - 14:04:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 15/04/2014 - 14:04:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.71CB3BB20F08BB724769DAAAFD5AB26E] - 16/08/2013 - 14:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:[MD5.77CF0ECC1C2B5E616B650AB5D4931114] - 19/08/2013 - 21:32:10 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [32624]
O58 - SDL:[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - 01/10/2013 - 01:26:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152]
O58 - SDL:[MD5.D619356B955EEFA642F5FF72755E8B3C] - 01/10/2013 - 01:26:48 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504]
~ Drivers: 18 Legitimates Filtered in 00mn 10s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\adwcleaner.exe [1426178]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieSiteList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieUserList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\eventvwr [139640]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Desktop.lnk [443]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Downloads.lnk [888]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\RecentPlaces.lnk [383]
O61 - LFC: 16/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\services [93558]
O61 - LFC: 17/04/2014 - 19:20:47 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [299896]
O61 - LFC: 17/04/2014 - 19:20:50 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Local State [65540]
O61 - LFC: 17/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\extension_1_7_4.crx [488141]
~ Files: 52 Legitimates Filtered in 00mn 38s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 558112A1AE484F9185709D1B08D07D4D - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] C823A48BE0FA44D0A8C06E795A6B6E06 [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E747A8856FFC3B642970DC57F44937FA" . (.IDT Audio Driver.) -- C:\Windows\Installer\{588A747E-CFF6-46B3-9207-CD754F9473AF}\IDTIcon.exe
~ Update Products: 84 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0B92A91C44CB8CF7FD956D8179AFA299] [WIS][26/08/2013] (.IDT - IDT High Definition Audio Installer.) -- C:\Windows\Installer\2f3df.msi [16072704]
~ WIS: 84 Legitimates Filtered in 01mn 21s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/02/2013 1143720 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SS - | Demand 11/01/2014 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 2818896 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 27/03/2013 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SS - | Demand 19/07/2013 116088 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 20/09/2012 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SS - | Demand 06/09/2012 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SS - | Demand 20/09/2012 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 31/08/2013 99328 | (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
SR - | Auto 30/08/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 22/08/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 15/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 10/09/2013 19792 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SR - | Auto 27/03/2013 163168 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
SR - | Auto 07/08/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 07/08/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 31/07/2013 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 10/08/2013 328544 | (TOSHIBA eco Utility Service) . (.Toshiba Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 04/09/2013 466504 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 43s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Thib at 17/04/2014 19:25:14
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : 13044 - (17/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
C:\ProgramData\Updater =>PUP.CrossRider^
~ Additionnel Scan: 212512 Items scanned in 02mn 14s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 00s
~ 1439 Legitimates filtered by white list
End of the scan (437 lines in 11mn 22s)(0)
~ Lancé par Thib (17/04/2014 19:16:11)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 92C43
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8
---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1475 MB (12% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (27%) free of 60 GB
---\\ Mode de connexion au système
~ Computer Name: THIBAULT
~ User Name: Thib
~ All Users Names: Thib, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Thib\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Thib\AppData\Roaming\
~ %Desktop% : C:\Users\Thib\Desktop\
~ %Favorites% : C:\Users\Thib\Favorites\
~ %LocalAppData% : C:\Users\Thib\AppData\Local\
~ %StartMenu% : C:\Users\Thib\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 60 Go)
D: Hard drive, Flash drive, Thumb drive (Free 394 Go of 395 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 13:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 10:11:56.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/02/2014 - 10:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 10:20:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/03/2014 - 04:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:11:06.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 16:44:13.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mon Bureau (My Desktop) : 1/38
~ Menu demarrer (Programs) : 1/20
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.9C1BDB837A2DA4FFC60CB61CEEA3E334] - (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800] [PID.4024]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.1312]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.4348]
[MD5.738CB65FF16ED1F23C585EFFDE41AE5C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8215040] [PID.4384]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 04s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Additional Information.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Addendum\TREXLauncher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe
O4 - GS\Desktop [Public]: True Image 2013.lnk . (.Acronis - Acronis True Image.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
O4 - GS\Desktop [Public]: WD Security.lnk . (.Western Digital - WD Security.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveSecurity.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Thib]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Thib]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\TaskBar [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Thib]: Auslogics Disk Defrag Professional.lnk . (.Auslogics - Disk Defrag Professional.) -- C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe
~ Global Startup: 54 Legitimates Filtered in 00mn 07s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Function Key Main Module.) -- C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TSSSrv] . (.TOSHIBA Corporation - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Wow6432Node\Run: [1.TPUReg] . (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [AcronisTibMounterMonitor] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 01s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DTS APO Service (dts_apo_service) . (.Pas de propriétaire - dts_apo_service.) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
~ Services: 12 Legitimates Filtered in 00mn 25s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (aswBoot.exe /M:101e756c /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/03/2014 - 14:58:39 - [0,001] ----D C:\ProgramData\9ec9c0493be11564
O43 - CFD: 11/01/2014 - 19:52:48 - [0] ----D C:\ProgramData\APN
O43 - CFD: 26/03/2014 - 15:07:10 - [0,007] ----D C:\ProgramData\topDeal
O43 - CFD: 11/02/2014 - 18:06:14 - [1,689] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieSiteList
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieUserList
~ Program Folder: 124 Legitimates Filtered in 00mn 27s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 15/04/2014 - 13:14:55 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387210]
O44 - LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] - 15/04/2014 - 13:33:59 ---A- . (...) -- C:\Windows\System32\srms.dat [50053]
O44 - LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] - 15/04/2014 - 13:34:09 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [11109]
O44 - LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-suggestions.searchconnector-ms [7762]
O44 - LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-zeroinput.searchconnector-ms [7130]
O44 - LFC:[MD5.DE461B86C05946D10E519F512D09E389] - 15/04/2014 - 13:34:51 ---A- . (...) -- C:\Windows\System32\RacRules.xml [100197]
O44 - LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] - 15/04/2014 - 13:36:12 ---A- . (...) -- C:\Windows\System32\WimBootCompress.ini [2255]
O44 - LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] - 15/04/2014 - 13:39:32 ---A- . (...) -- C:\Windows\System32\dfpinc.dat [262335]
O44 - LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - 15/04/2014 - 13:44:14 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [139600]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 15/04/2014 - 15:26:40 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.4AA7852BD80E94539012D434C9D7E062] - 17/04/2014 - 12:00:17 ---A- . (...) -- C:\Windows\System32\spu_storage.bin [65536]
~ Files: 567 Legitimates Filtered in 02mn 01s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.87230FC16DC1DA25B00A203C53571E27] - 12/04/2014 - 18:32:22 ---A- - C:\Windows\Prefetch\CHROMERECOVERY.EXE-0A140A5C.pf
O45 - LFCP:[MD5.CBDFB2D3F9CC681EBFB5CDF87C7AB489] - 15/04/2014 - 11:52:15 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.FD2411ABD27754F383AA7A2EBFCB2CAD] - 15/04/2014 - 14:01:24 ---A- - C:\Windows\Prefetch\INSTUP.EXE-25E24300.pf
O45 - LFCP:[MD5.E605E40110929D704ECAD482F7E338DB] - 15/04/2014 - 16:04:19 ---A- - C:\Windows\Prefetch\ONEDRIVEREBRAND.EXE-B469944A.pf
O45 - LFCP:[MD5.8B67FD841CDA0238A4D3C5B61C822C31] - 15/04/2014 - 16:07:06 ---A- - C:\Windows\Prefetch\TSSSRV.EXE-E86A7BE1.pf
O45 - LFCP:[MD5.D020F1BE5280B84F2E9CA15D0803BDDC] - 15/04/2014 - 16:07:27 ---A- - C:\Windows\Prefetch\READLM.EXE-DD0A7195.pf
O45 - LFCP:[MD5.0A7016288C5A1655BED65FAC8667381C] - 15/04/2014 - 16:20:52 ---A- - C:\Windows\Prefetch\PRESENTATION.EXE-4649D937.pf
O45 - LFCP:[MD5.14E298740C602BB53A3795581D770482] - 15/04/2014 - 16:29:12 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.203DC172CDCD0BCCBCD9AA091FD5D22B] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER32.EXE-4D6768AE.pf
O45 - LFCP:[MD5.1226FA4C62359B722B8860D2547F662E] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER64.EXE-A46A316F.pf
O45 - LFCP:[MD5.28BFF3AD1C125022406181EC20120099] - 17/04/2014 - 05:10:51 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.2DA989EC40BFBC156D8F4A0C5EC79DA8] - 17/04/2014 - 08:29:25 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.B31E5C7FDDEB9FDA023E43B373FE732A] - 17/04/2014 - 17:35:22 ---A- - C:\Windows\Prefetch\PfPre_967ce262.db
~ Prefetcher: 13 Legitimates Filtered in 00mn 03s
---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 15/04/2014 - 14:04:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 15/04/2014 - 14:04:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.71CB3BB20F08BB724769DAAAFD5AB26E] - 16/08/2013 - 14:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:[MD5.77CF0ECC1C2B5E616B650AB5D4931114] - 19/08/2013 - 21:32:10 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [32624]
O58 - SDL:[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - 01/10/2013 - 01:26:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152]
O58 - SDL:[MD5.D619356B955EEFA642F5FF72755E8B3C] - 01/10/2013 - 01:26:48 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504]
~ Drivers: 18 Legitimates Filtered in 00mn 10s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\adwcleaner.exe [1426178]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieSiteList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieUserList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\eventvwr [139640]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Desktop.lnk [443]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Downloads.lnk [888]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\RecentPlaces.lnk [383]
O61 - LFC: 16/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\services [93558]
O61 - LFC: 17/04/2014 - 19:20:47 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [299896]
O61 - LFC: 17/04/2014 - 19:20:50 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Local State [65540]
O61 - LFC: 17/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\extension_1_7_4.crx [488141]
~ Files: 52 Legitimates Filtered in 00mn 38s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 558112A1AE484F9185709D1B08D07D4D - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] C823A48BE0FA44D0A8C06E795A6B6E06 [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E747A8856FFC3B642970DC57F44937FA" . (.IDT Audio Driver.) -- C:\Windows\Installer\{588A747E-CFF6-46B3-9207-CD754F9473AF}\IDTIcon.exe
~ Update Products: 84 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0B92A91C44CB8CF7FD956D8179AFA299] [WIS][26/08/2013] (.IDT - IDT High Definition Audio Installer.) -- C:\Windows\Installer\2f3df.msi [16072704]
~ WIS: 84 Legitimates Filtered in 01mn 21s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/02/2013 1143720 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SS - | Demand 11/01/2014 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 2818896 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 27/03/2013 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SS - | Demand 19/07/2013 116088 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 20/09/2012 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SS - | Demand 06/09/2012 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SS - | Demand 20/09/2012 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 31/08/2013 99328 | (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
SR - | Auto 30/08/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 22/08/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 15/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 10/09/2013 19792 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SR - | Auto 27/03/2013 163168 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
SR - | Auto 07/08/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 07/08/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 31/07/2013 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 10/08/2013 328544 | (TOSHIBA eco Utility Service) . (.Toshiba Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 04/09/2013 466504 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 43s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Thib at 17/04/2014 19:25:14
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : 13044 - (17/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
C:\ProgramData\Updater =>PUP.CrossRider^
~ Additionnel Scan: 212512 Items scanned in 02mn 14s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 00s
~ 1439 Legitimates filtered by white list
End of the scan (437 lines in 11mn 22s)(0)