cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par JMB (23/04/2014 22:56:21)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0
OPIE: Opera v12.12
OPIE: Opera vStable 20.0.1387.82

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004
ESET Online Scanner v3
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4002 MB (53% free)
System Restore: Désactivé (Disabled)
System drive C: has 74 GB (66%) free of 112 GB

---\\ Mode de connexion au système
~ Computer Name: JMB-PC
~ User Name: JMB
~ All Users Names: UpdatusUser, JMB, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\JMB\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\JMB\AppData\Roaming\
~ %Desktop% : C:\Users\JMB\Desktop\
~ %Favorites% : C:\Users\JMB\Favorites\
~ %LocalAppData% : C:\Users\JMB\AppData\Local\
~ %StartMenu% : C:\Users\JMB\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 74 Go of 112 Go)
D: Hard drive, Flash drive, Thumb drive (Free 221 Go of 699 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
~ Mes musiques (My Musics) : 1/18
~ Mes Favoris (My Favorites) : 1/1085
~ Mes Documents (My Documents) : 1/1193
~ Mon Bureau (My Desktop) : 1/205
~ Menu demarrer (Programs) : 1/102
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.BC3DA234CDA880578526DAB028F40268] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305792] [PID.1140]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.1820]
[MD5.7D2C5F5A9DF7AE26B4E62E2D7032B96B] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [82944] [PID.2396]
[MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.1796]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3288] =>Toolbar.Google
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.3444]
[MD5.A391896CD406E6377F5CEF31FDC12019] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\SysWOW64\ACEngSvr.exe [155648] [PID.4328]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.5288]
[MD5.BDB7D97012F9B3102DB72AA76A24942A] - (.ESET - ESET Online Scanner container.) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe [546944] [PID.5804]
[MD5.CE0D0B11986FD2C0247AE88A59B36A6E] - (...) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe [579904] [PID.4484]
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867392] [PID.6128]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1412]
[MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1584]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1744]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1956]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1992]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.2032]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.2212]
[MD5.54196CDAC7E1D81D71C652E100B99E77] - (...) -- C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [181312] [PID.2328]
[MD5.E849218177EC8F7541EC3FAA693EE21A] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4971840] [PID.2424]
[MD5.7E6B107120108B3A15BFECE0DE3201DB] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe [228744] [PID.3996]
[MD5.563206BA66F0170735096AA74CA0F682] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [166528] [PID.2812]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.3936]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.1028]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.3520]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2728]
[MD5.83FF82FE209E7997067B375DAD6CF23D] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.2324]
[MD5.1DB7E57EB1CF16CB5CDBC76106938738] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3898360] [PID.4176]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.4500]
[MD5.7281AED93FB30FDD1CBAF07591FA453A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344] [PID.4900]
[MD5.3EA307C51069BC72DD74A4964F2A30A9] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [366552] [PID.5048]
[MD5.E4FAD21646088D79F8889B6531396ACF] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.4300]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B0 - SPO: operaprefs.ini [JMB] Home URL=http://www.yahoo.fr
B1 - OSP: search.ini [JMB] URL=http://dts.search-results.com/sr?src=opb&gct=ds&appid=0&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=8122439272134808&q=%s
~ Opera Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\JMB\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://fr.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [UpdatusUser]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [UpdatusUser]: Google Chrome.lnk . (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - GS\QuickLaunch [UpdatusUser]: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files (x86)\InfraRecorder\infrarecorder.exe
O4 - GS\Desktop [UpdatusUser]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [UpdatusUser]: Free Hide Folder.lnk . (...) -- C:\Program Files (x86)\Free Hide Folder\fhide.exe (.not file.)
O4 - GS\Desktop [UpdatusUser]: LICEcap.lnk . (...) -- C:\Program Files (x86)\LICEcap\licecap.exe
O4 - GS\Desktop [UpdatusUser]: UniPDF.lnk . (.unipdf.com - unipdf.com.) -- C:\Program Files (x86)\UniPDF\UniPDF.exe
O4 - GS\Desktop [UpdatusUser]: ZNsoft Icon Maker.lnk . (...) -- C:\Program Files (x86)\ZNsoft Corporation\ZNsoft Icon Maker\ZNsoftIM.exe (.not file.)
O4 - GS\QuickLaunch [JMB]: Belarc Advisor.lnk . (.Belarc, Inc. - Belarc Advisor Computer Inventory.) -- C:\Program Files (x86)\Belarc\Advisor\BelarcAdvisor.exe
O4 - GS\QuickLaunch [JMB]: CodeStuff Starter.lnk . (.CodeStuff - Startup Manager for Windows 9x/Me/NT/2000/X.) -- C:\Program Files (x86)\CodeStuff\Starter\Starter.exe
O4 - GS\QuickLaunch [JMB]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [JMB]: DraftSight.lnk . (.Flexera Software LLC - InstallShield.) -- C:\Windows\Installer\{8EB86B18-38DB-4A2D-8559-35B6D1EC3A0A}\NewShortcut31_F8E29BF1EB70468CB0249B43C7758D35.exe
O4 - GS\QuickLaunch [JMB]: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files (x86)\InfraRecorder\infrarecorder.exe
O4 - GS\QuickLaunch [JMB]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [JMB]: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe
O4 - GS\TaskBar [JMB]: Fotosizer.lnk . (.Fotosizer.com - Fotosizer Batch Image Resizer.) -- C:\Program Files (x86)\Fotosizer\Fotosizer.exe
O4 - GS\TaskBar [JMB]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\JMB\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [JMB]: IE.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [JMB]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [JMB]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\TaskBar [JMB]: SnippingTool.exe.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\TaskBar [JMB]: Total Commander.lnk . (.C. Ghisler & Co. - Total Commander 32 bit version internationa.) -- C:\totalcmd\TOTALCMD.exe
O4 - GS\TaskBar [JMB]: wlmail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
O4 - GS\TaskBar [JMB]: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe
O4 - GS\Program [JMB]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [JMB]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [JMB]: Sites du GAM.lnk . (...) -- D:\Backups\Mes lieux Préférés\GAM\Les sites du GAM.kml
O4 - GS\Desktop [JMB]: STOP.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe
O4 - GS\Desktop [JMB]: TOTC.lnk . (.C. Ghisler & Co. - Total Commander 32 bit version internationa.) -- C:\totalcmd\TOTALCMD.exe
O4 - GS\Desktop [JMB]: WinMail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\QuickLaunch [Administrateur]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Administrateur]: Google Chrome.lnk . (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - GS\QuickLaunch [Administrateur]: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files (x86)\InfraRecorder\infrarecorder.exe
O4 - GS\TaskBar [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Administrateur]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Administrateur]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Administrateur]: Free Hide Folder.lnk . (...) -- C:\Program Files (x86)\Free Hide Folder\fhide.exe (.not file.)
O4 - GS\Desktop [Administrateur]: LICEcap.lnk . (...) -- C:\Program Files (x86)\LICEcap\licecap.exe
O4 - GS\Desktop [Administrateur]: UniPDF.lnk . (.unipdf.com - unipdf.com.) -- C:\Program Files (x86)\UniPDF\UniPDF.exe
O4 - GS\Desktop [Administrateur]: VuPassword.lnk . (...) -- C:\Program Files (x86)\VuPassword\VuPassword.exe (.not file.)
O4 - GS\Desktop [Administrateur]: ZNsoft Icon Maker.lnk . (...) -- C:\Program Files (x86)\ZNsoft Corporation\ZNsoft Icon Maker\ZNsoftIM.exe (.not file.)
~ Global Startup: 119 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\JMB\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-587214273-2759515770-1766907914-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-587214273-2759515770-1766907914-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\JMB\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67807672-28C9-4A31-B792-D28D27D70D20}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{67807672-28C9-4A31-B792-D28D27D70D20}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{67807672-28C9-4A31-B792-D28D27D70D20}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 320.) - c:\windows\syswow64\nvinit.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Bonjour (Bonjour Service) . (...) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (.not file.)
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
~ Services: 13 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.960055F63557F450EBDA9F8CC293D659] [APT] [KuaiZip_Update] (.Suzhou Shijie Software Co., LTD.) -- C:\Program Files\KuaiZip\Update.exe [441384]
[MD5.00000000000000000000000000000000] [APT] [SlimDrivers Startup] (...) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7405E059-DEFC-485F-B92F-491E97EE0777}] (...) -- C:\Program Files (x86)\WinRAR\WinRAR.exe (.not file.) [0]
[MD5.AE3D4850A309FCB046FE944B1F2DF7A9] [APT] [{E7BFB7B1-E13F-4962-8BD3-5EC4B429CF1A}] (.Suzhou Shijie Software Co., LTD.) -- C:\Program Files\KuaiZip\Uninstaller.exe [432168]
O39 - APT: SlimDrivers Startup - (...) -- C:\Windows\Tasks\SlimDrivers Startup.job [406]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (hwinterface) . (. - .) - C:\Windows\System32\Drivers\hwinterface.sys (.not file.)
O41 - Driver: (UimBus) . (...) - C:\Windows\System32\DRIVERS\UimBus.sys
O41 - Driver: (Uim_DEVIM) . (...) - C:\Windows\System32\DRIVERS\uim_devim.sys
O41 - Driver: (Uim_IM) . (...) - C:\Windows\System32\DRIVERS\uim_im.sys
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: HD Tach version 3 - (.Simpli Software, Inc..) [HKLM][64Bits] -- HD Tach_is1
O42 - Logiciel: HFSExplorer 0.21 - (.Catacombae Software.) [HKLM][64Bits] -- HFSExplorer
O42 - Logiciel: KuaiZip - (...) [HKLM][64Bits] -- KuaiZip
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A9Tech]
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\FWT_DLM]
[HKCU\Software\IncrediMail]
[HKCU\Software\KuaiZipSFX]
[HKCU\Software\KuaiZip]
[HKCU\Software\MP_ALL]
[HKCU\Software\MultiCommander]
[HKCU\Software\SecuredDownload]
[HKCU\Software\TinyUploader]
[HKLM\Software\Wow6432Node\LICEcap]
[HKLM\Software\Wow6432Node\LS_Duhem]
~ Key Software: 596 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/04/2012 - 16:49:27 - [] ----D C:\Program Files (x86)\ATTo 32
O43 - CFD: 11/02/2014 - 23:59:19 - [] ----D C:\Program Files (x86)\HFSExplorer
O43 - CFD: 09/02/2013 - 00:18:58 - [] ----D C:\Program Files (x86)\LICEcap
O43 - CFD: 12/02/2014 - 00:13:53 - [] ----D C:\Program Files (x86)\LS_Duhem
O43 - CFD: 13/04/2012 - 12:39:38 - [] ----D C:\Program Files (x86)\MultiCommander
O43 - CFD: 17/01/2012 - 21:59:08 - [] ----D C:\Program Files (x86)\QCad
O43 - CFD: 09/03/2014 - 23:52:33 - [] ----D C:\ProgramData\clonehdd
O43 - CFD: 16/11/2011 - 21:49:54 - [] ----D C:\ProgramData\complexbackup
O43 - CFD: 09/03/2014 - 23:54:17 - [] ----D C:\ProgramData\copypart
O43 - CFD: 20/10/2013 - 20:45:38 - [] ----D C:\ProgramData\IM
O43 - CFD: 20/10/2013 - 20:45:09 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 18/10/2013 - 14:37:00 - [] ----D C:\ProgramData\KZMount
O43 - CFD: 07/02/2012 - 09:32:15 - [] ----D C:\Users\JMB\AppData\Roaming\DVAsoft
O43 - CFD: 30/09/2013 - 20:36:09 - [0] ----D C:\Users\JMB\AppData\Roaming\KuaiZip
O43 - CFD: 18/12/2013 - 12:14:47 - [0] ----D C:\Users\JMB\AppData\Roaming\KZMount
O43 - CFD: 13/04/2012 - 12:37:06 - [] ----D C:\Users\JMB\AppData\Roaming\MultiCommander
O43 - CFD: 14/11/2011 - 12:53:34 - [] ----D C:\Users\JMB\AppData\Local\Duomart.com
O43 - CFD: 17/04/2014 - 13:30:15 - [] -SH-D C:\Users\JMB\AppData\Local\EmieSiteList
O43 - CFD: 17/04/2014 - 13:30:15 - [] -SH-D C:\Users\JMB\AppData\Local\EmieUserList
O43 - CFD: 20/10/2013 - 20:54:44 - [] ----D C:\Users\JMB\AppData\Local\IM
O43 - CFD: 30/09/2013 - 20:35:51 - [] ----D C:\Users\JMB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KuaiZip
O43 - CFD: 11/01/2012 - 17:02:15 - [] ----D C:\Users\JMB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Post in top
~ Program Folder: 362 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 22:17:56 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.A0ECA459D26A9742CDD6338F2B91CBC7] - 23/04/2014 - 17:54:31 ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [3868]
~ Files: 50 Legitimates Filtered in 00mn 20s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Akamai NetSession Interface [Key] . (...) -- C:\Users\JMB\AppData\Local\Akamai\netsession_win.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\FileZilla Server Interface [Key] . (.FileZilla Project - FileZilla Server.) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
O53 - SMSR:HKLM\...\startupreg\Getting started with MacDrive 8 [Key] . (...) -- C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HF_G_Jul [Key] . (...) -- C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\MacDrive 8 application [Key] . (...) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PixelPlanet PdfPrinter-Monitor [Key] . (.PixelPlanet GmbH - PixelPlanet PdfPrinter Monitor.) -- C:\Program Files (x86)\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe
O53 - SMSR:HKLM\...\startupreg\Setwallpaper [Key] . (...) -- c:\programdata\SetWallpaper.cmd (.not file.)
O53 - SMSR:HKLM\...\startupreg\snp2uvc [Key] . (...) -- C:\Windows\vsnp2uvc.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
~ SMSR Keys: 53 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoThumbnailCache"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:31/12/2010 - 11:30:10 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [138024]
O58 - SDL:02/12/2009 - 12:20:56 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - EuDisk Bus Enumerator.) -- C:\Windows\System32\Drivers\EuDisk.sys [137608]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/07/2009 - 10:29:40 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:25/08/2011 - 23:54:12 ---A- . (.KernSafe Technologies - TotalMounter Bus Driver.) -- C:\Windows\System32\Drivers\ksbus64.sys [31064]
O58 - SDL:25/08/2011 - 23:54:12 ---A- . (.KernSafe Technologies - TotalMounter Port Driver.) -- C:\Windows\System32\Drivers\KSPrt64.sys [128856]
O58 - SDL:22/02/2012 - 11:34:36 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
O58 - SDL:11/01/2012 - 07:11:20 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [34304]
O58 - SDL:17/01/2012 - 20:38:00 ---A- . (.Feitian Technologies Co., Ltd. - Rockey Device Driver.) -- C:\Windows\System32\Drivers\Rockey4.sys [36904]
O58 - SDL:17/01/2012 - 20:38:00 ---A- . (.Feitian Technologies Co., Ltd. - Rockey USB Driver.) -- C:\Windows\System32\Drivers\Rockey4USB.sys [23592]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [503352]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:12/12/2013 - 14:50:44 ---A- . (...) -- C:\Windows\System32\Drivers\UimBus.sys [102664]
O58 - SDL:12/12/2013 - 14:50:50 ---A- . (...) -- C:\Windows\System32\Drivers\UimFIO.sys [556296]
O58 - SDL:12/12/2013 - 14:50:50 ---A- . (...) -- C:\Windows\System32\Drivers\uim_devim.sys [25992]
O58 - SDL:12/12/2013 - 14:50:44 ---A- . (...) -- C:\Windows\System32\Drivers\uim_im.sys [700680]
O58 - SDL:07/05/2013 - 14:27:12 ---A- . (...) -- C:\Windows\System32\ambakdrv.sys [30648]
O58 - SDL:07/05/2013 - 14:27:12 ---A- . (...) -- C:\Windows\System32\ammntdrv.sys [151480]
O58 - SDL:29/11/2013 - 10:31:28 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:06/02/2013 - 15:52:48 ---A- . (...) -- C:\Windows\System32\amwrtdrv.sys [17848]
O58 - SDL:21/12/2012 - 13:53:58 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [17480]
O58 - SDL:21/12/2012 - 13:53:58 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9800]
O58 - SDL:09/04/2010 - 13:17:04 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19936]
O58 - SDL:09/04/2010 - 13:16:58 ----- . (...) -- C:\Windows\System32\pwdspio.sys [13280]
O58 - SDL:02/12/2009 - 12:20:56 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\SysWOW64\drivers\eubakup.sys [30600]
O58 - SDL:02/12/2009 - 12:20:58 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\SysWOW64\drivers\eudskacs.sys [17800]
O58 - SDL:02/12/2009 - 12:21:00 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - File System Filter Driver.) -- C:\Windows\SysWOW64\drivers\eufs.sys [26504]
O58 - SDL:16/01/2012 - 18:01:18 ---A- . (.Logix4u - hwinterface.sys.) -- C:\Windows\SysWOW64\drivers\hwinterface.sys [3026]
O58 - SDL:29/11/2013 - 10:31:28 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
O58 - SDL:21/12/2012 - 13:54:00 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14920]
O58 - SDL:21/12/2012 - 13:53:58 ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [9160]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25/08/2011 - C:\Windows\System32\DRIVERS\KSPrt64.sys (KScsiPrt) .(.KernSafe Technologies - TotalMounter Port Driver.) - LEGACY_KSCSIPRT
~ Legacy: 104 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\JMB\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera Mail\OperaMail.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25BD30E1BC5D83343A835E62DDD4D41B" . (.Bing Bar.) -- C:\Windows\Installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][13/04/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\b7fbb.msi [28160] =>Toolbar.Google
[MD5.030EF57D730EC0A96C633715399B37B9] [WIS][02/03/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\b8731.msi [4424192] =>Toolbar.Bing
~ WIS: 2 Legitimates Filtered in 00mn 02s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\CCleaner64_RASAPI32 =>.Piriform Ltd
HKLM\SOFTWARE\Microsoft\Tracing\CCleaner64_RASMANCS =>.Piriform Ltd
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 372 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4571 Legitimates Filtered in 00mn 04s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 17/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 02/03/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 10/07/1658 0 | (Bonjour Service) . (...) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SS - | Demand 07/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 23/10/2011 630784 | (FileZilla Server) . (.FileZilla Project.) - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
SS - | Demand 29/12/2011 1431888 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 01/03/2011 130976 | (Futuremark SystemInfo Service) . (.Futuremark Corporation.) - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
SS - | Auto 13/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Demand 18/07/2013 1143368 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 04/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Demand 16/12/2013 3898360 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SR - | Auto 17/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 17/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/08/2013 123392 | (DraftSight API Service) . (.Dassault Systèmes.) - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
SR - | Demand 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SR - | Demand 30/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 12/03/2013 366552 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Demand 15/05/2013 1144144 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 26/07/2013 230416 | (NitroReaderDriverReadSpool3) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
SR - | Auto 12/05/2013 884512 | (NVSvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2011 181312 | (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 25/03/2014 4971840 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Demand 27/08/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [503352]
~ Emulateurs: Scanned in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\HF_G_Jul] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\vProt] =>Toolbar.AVGSearch^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\Installer\Features\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
[HKLM\Software\Classes\Installer\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Classes\Installer\Features\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Classes\Installer\Products\25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\KoyoteSRTB] =>Toolbar.CoyoteSoft
[HKCU\Software\koyotesofttoolbarnew] =>Toolbar.CoyoteSoft
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Windows\Installer\b7fbb.msi =>Toolbar.Google^
C:\Windows\Installer\b8731.msi =>Toolbar.Bing^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 323614 Items scanned in 00mn 17s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



~ 1333 Legitimates filtered by white list
End of the scan (630 lines in 01mn 13s)(0)

Publicité


Signaler le contenu de ce document

Publicité