Rapport de ZHPDiag v2013.6.23.33 par Nicolas Coolman, Update du 23/06/2013 Run by Alexandre at 23/06/2013 16:55:48 WebSite: http://nicolascoolman.webs.com State : Version à jour. WhiteList : Enable High Elevated Privileges : OK UAC : Deactivate by program ---\\ Web Browser MSIE: Internet Explorer v10.0.9200.16599 GCIE: Google Chrome v27.0.1453.116 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 8 Home Premium Edition, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : MPWYG Windows License : OK ~ Windows Remaining Initializations Number : 999 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection avast! Free Antivirus v8.0.1489.0 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W8 ---\\ System Optimizer CCleaner v4.02 =>Piriform Ltd ---\\ Peer To Peer (P2P) ---\\ Software Update Adobe Reader XI ---\\ System Information ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 8077 MB (16% free) System Restore: Activé (Enable) System drive C: has 753 GB (82%) free of 909 GB ---\\ Logged in mode ~ Computer Name: ALEXANDRE ~ User Name: Alexandre ~ All Users Names: Alexandre, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Alexandre\AppData\Roaming\ ~ %Desktop% : C:\Users\Alexandre\Desktop\ ~ %Favorites% : C:\Users\Alexandre\Favorites\ ~ %LocalAppData% : C:\Users\Alexandre\AppData\Local\ ~ %StartMenu% : C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 753 Go of 909 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 29 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.36050B1CDF2DAE0B44286C7C46E4883E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/04/2013 - 23:28:33.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/21 ~ Mes musiques (My Musics) : 1/2543 ~ Mes Videos (My Videos) : 1/34 ~ Mes Favoris (My Favorites) : 1/3 ~ Mes Documents (My Documents) : 1/1413 ~ Mon Bureau (My Desktop) : 1/1387 ~ Menu demarrer (Programs) : 1/44 ~ Hidden Files: Scanned in 00mn 03s ---\\ Processus lancés [MD5.5E734DBA04A51E54352B6AF821CA8B86] - (.Samsung Electronics CO., LTD. - Settings.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2624048] [PID.2740] [MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.5440] [MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.5520] [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.5632] [MD5.5521928AA79079565B7CB8FCE6806131] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [825808] [PID.5912] [MD5.581D8AD206E0DE14DB6B76884E144AF5] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704] [PID.720] [MD5.577E442842376B526541E4EE0C364361] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7537664] [PID.6860] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Alexandre\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [gffjhibehnempbkeheiccaincokdjbfe] Mail Checker Plus for Google Mail v. () ~ Google Browser: 16 Legitimates Filtered in 00mn 09s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 09s ~ Nombre de lignes (Lines number): 15423 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [RtHDVBg_SRSSA] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline O4 - HKCU\..\Run: [Quick Starter] . (.Samsung Electronics CO., LTD. - Quick Starter.) -- C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKUS\S-1-5-21-2027014631-3366834958-3693072843-1001\..\Run: [AdobeBridge] Clé orpheline O4 - HKUS\S-1-5-21-2027014631-3366834958-3693072843-1001\..\Run: [Quick Starter] . (.Samsung Electronics CO., LTD. - Quick Starter.) -- C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop: Alexandre Hazzan.lnk . (...) -- C:\Users\Alexandre O4 - GS\Desktop: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Alexandre\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe O4 - GS\Desktop: HiJackThis.lnk . (.Trend Micro Inc. - HijackThis.) -- C:\Users\Alexandre\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe O4 - GS\Desktop: Ordinateur.lnk - Clé orpheline ~ Global Startup: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{1DB31DE6-9CE8-45EB-BE47-742430D7153F}: DhcpNameServer = 89.2.0.1 89.2.0.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{1DB31DE6-9CE8-45EB-BE47-742430D7153F}: DhcpNameServer = 89.2.0.1 89.2.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\system32\CbFsMntNtf3.dll ~ SSODL: 2 Legitimates Filtered in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\SysWow64\CbFsMntNtf3.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: AllShare Framework DMS (AllShare Framework DMS) . (.Samsung - AllShareFrameworkManagerDMS Monitoring DMS.) - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe O23 - Service: (Easy Launcher) . (.Samsung Electronics CO., LTD. - EasyLauncher.) - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe O23 - Service: IntelliMemory (IntelliMemory) . (.Condusiv Technologies - IntelliMemory Service.) - C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe O23 - Service: Intel(R) Management and Security Applica (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: SW Update Service (SWUpdateService) . (.Samsung Electronics CO., LTD. - SW Update Agent.) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ~ Services: 28 Legitimates Filtered in 00mn 07s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (intmfs) . (.Condusiv Technologies - IntelliMemory Filesystem Filter Driver.) - C:\Windows\System32\DRIVERS\intmfs.sys ~ Drivers: 40 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: IntelliMemory - (.Condusiv Technologies.) [HKLM][64Bits] -- {40320F22-7D70-49DB-9D66-B6FAE5F36B47} O42 - Logiciel: SRS Premium Sound - (.DTS, Inc..) [HKLM][64Bits] -- {E44F8A34-529E-4318-A0E1-1893C337A47F} ~ Logic: 107 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN PIP] [HKCU\Software\Softonic] [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKLM\Software\ATI Technology] [HKLM\Software\Airplane] ~ Key Software: 198 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 17/01/2013 - 09:46:37 - [0,040] ----D C:\ProgramData\boost_interprocess O43 - CFD: 08/06/2013 - 10:57:45 - [4,884] ----D C:\Users\Alexandre\AppData\Roaming\cacaoweb =>PUP.CacaoWeb O43 - CFD: 15/06/2013 - 18:34:35 - [0,001] --H-D C:\Users\Alexandre\AppData\Local\DUbyH2upAOnp3E O43 - CFD: 11/05/2013 - 19:30:15 - [0,004] ----D C:\Users\Alexandre\AppData\Local\Intel_Corporation O43 - CFD: 22/05/2013 - 19:41:47 - [0] -SH-D C:\Users\Alexandre\AppData\Local\ms-drivers O43 - CFD: 15/06/2013 - 18:34:36 - [0] --HAD C:\Users\Alexandre\AppData\Local\S9CPbynDyHu6 O43 - CFD: 15/06/2013 - 18:34:35 - [0] --HAD C:\Users\Alexandre\AppData\Local\WcO51MKphgY35C ~ Program Folder: 176 Legitimates Filtered in 00mn 18s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.B69EC82B90E970B11A59D6049E55DFBA] - 23/06/2013 - 15:51:01 ---A- . (...) -- C:\Windows\SysNative\rpcnetp.exe [17408] O44 - LFC:[MD5.B69EC82B90E970B11A59D6049E55DFBA] - 23/06/2013 - 15:51:01 ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408] O44 - LFC:[MD5.27D43434E73A2DF74D1D89B00821BE4C] - 23/06/2013 - 15:48:10 ---A- . (...) -- C:\Windows\SysNative\wpbbin.exe [29304] O44 - LFC:[MD5.27D43434E73A2DF74D1D89B00821BE4C] - 23/06/2013 - 15:48:10 RSHAD . (...) -- C:\Windows\System32\wpbbin.exe [29304] O44 - LFC:[MD5.0A34066D56D57C0DA73BFFC1E4169FF2] - 23/06/2013 - 15:46:10 ---A- . (...) -- C:\Windows\wininit.ini [85] O44 - LFC:[MD5.351EF211FC5DA078A02376D24E6829AF] - 15/06/2013 - 11:14:13 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [386646] O44 - LFC:[MD5.351EF211FC5DA078A02376D24E6829AF] - 15/06/2013 - 11:14:13 RSHAD . (...) -- C:\Windows\System32\ApnDatabase.xml [386646] O44 - LFC:[MD5.78B4EAAF839066040EABDFF5086FF9E3] - 15/06/2013 - 11:05:03 ---A- . (...) -- C:\Windows\SysNative\results.xml [18854] O44 - LFC:[MD5.78B4EAAF839066040EABDFF5086FF9E3] - 15/06/2013 - 11:05:03 RSHAD . (...) -- C:\Windows\System32\results.xml [18854] ~ Files: 157 Legitimates Filtered in 00mn 53s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7} ~ ADS: Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.6EBA4DF7D38DA6FCD75D8FCF8F0FA99B] [SPRF][21/02/2013] (.Samsung Electronics - Samsung Marker.) -- C:\ProgramData\MakeMarkerFile.exe [2063240] [MD5.F54D4C0990E7C398D39908D13E380EE9] [SPRF][07/06/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Alexandre\AppData\Local\Temp\AskPIP_FF_.exe [1028232] [MD5.A33CB36B55D31F102CF8F6366714BD8E] [SPRF][11/05/2013] (.Absolute Software Corp. - Computrace(R) LoJack for Laptops(R) Installer.) -- C:\Users\Alexandre\AppData\Roaming\LoJackSetup.exe [6469064] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{522A4DF7-089D-436F-A785-A4D1A1A5CA43}" | In - Public - P6 - TRUE | .(.Condusiv Technologies - IntelliMemory Service.) -- C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe O87 - FAEL: "{48D3790B-7B48-4B65-BBFC-617876CE3E98}" | In - Public - P17 - TRUE | .(.Condusiv Technologies - IntelliMemory Service.) -- C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe O87 - FAEL: "TCP Query User{2AA994BA-FC79-48D9-9168-9124F241C7EF}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{9F40B4A9-6940-4637-B99F-66A389EB4423}C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\alexandre\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb ~ Firewall: 240 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.12552 - (23/06/2013) Clés trouvées (Keys found) : 3 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 0 [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\Softonic] =>Toolbar.Conduit C:\Users\Alexandre\AppData\Roaming\cacaoweb =>PUP.CacaoWeb ~ Additionnel Scan: 271309 Items scanned in 00mn 39s ---\\ Product Upgrade Codes (O90) O90 - PUC: "B3E07220DB9060695F78D9E3691F7A59" . (.AMD Wireless Display v3.0.) -- C:\windows\Installer\{02270E3B-09BD-9606-F587-9D3E96F1A795}\ARPPRODUCTICON.exe ~ Update Products: 121 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 03/05/2013 405896 | (AllShare Framework DMS) . (.Samsung.) - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe SR - | Auto 04/06/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 11/04/2013 772064 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/09/2012 1112000 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe SR - | Auto 30/09/2012 1132480 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 12/09/2012 135984 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe SS - | Demand 08/11/2012 277048 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SR - | Auto 14/01/2013 1594416 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe SR - | Auto 25/03/2013 99184 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe SR - | Auto 08/05/2013 621296 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SS - | Auto 10/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 10/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Auto 30/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe SR - | Auto 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB Card Reader\RIconMan.exe SR - | Auto 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SS - | Demand 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SR - | Auto 12/03/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 21/12/2012 55720 | (IntelliMemory) . (.Condusiv Technologies.) - C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe SR - | Auto 12/03/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 12/03/2013 366552 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 09/06/2013 2635600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SS - | Demand 273136 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe SR - | Auto 0 | (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe SR - | Auto 08/05/2013 149744 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 23/06/2013 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\SysWOW64\rpcnet.exe SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 04/05/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 15/05/2013 2956336 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 08/05/2013 3385584 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ~ Services: Scanned in 00mn 01s ~ 1148 Legitimates filtered by white list End of the scan (411 lines in 02mn 52s)(0)