~ Rapport de ZHPDiag v2013.10.21.57 - Nicolas Coolman (21/10/2013) ~ Lancé (23/10/2013 11:07:21) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 14.0.1 GCIE: Google Chrome v30.0.1599.101 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit (Build 7600) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 9YQTR Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Avira Free Antivirus v14.0.0.383 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.06 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer eMule Vuze v5.1.0.0 =>P2P.Azureus ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 2815 MB (38% free) System Restore: Activé (Enable) System drive C: has 11 GB (9%) free of 116 GB ---\\ Mode de connexion au système ~ Computer Name: LASARRICAU-PC ~ User Name: lasarricau ~ All Users Names: lasarricau, HomeGroupUser$, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\lasarricau\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\lasarricau\AppData\Roaming\ ~ %Desktop% : C:\Users\lasarricau\Desktop\ ~ %Favorites% : C:\Users\lasarricau\Favorites\ ~ %LocalAppData% : C:\Users\lasarricau\AppData\Local\ ~ %StartMenu% : C:\Users\lasarricau\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 116 Go) D: Hard drive, Flash drive, Thumb drive (Free 323 Go of 335 Go) E: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:24:40.) -- C:\Windows\System32\Winlogon.exe [389632] [MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936] [MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696] [MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072] [MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840] [MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 18:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/220 ~ Mes musiques (My Musics) : 1/43 ~ Mes Favoris (My Favorites) : 1/23 ~ Mes Documents (My Documents) : 1/2194 ~ Mon Bureau (My Desktop) : 1/32 ~ Menu demarrer (Programs) : 1/37 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.BA2B4E07561CF877F61B0EEED654BC96] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.1980] [MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.1992] [MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.1172] [MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.1684] [MD5.78185A1C861FA7AD6BE016D54D050119] - (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.2888] [MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.2908] [MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3000] [MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.3020] [MD5.6529C89512CE4498919BDC512572F82C] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6998656] [PID.3032] [MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624] [PID.3052] [MD5.ED54F07E57BB1CF7BBB5C02E5C1A4385] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032] [PID.2580] [MD5.B2387FD351A3D4780A917E4C00A83310] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2968] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3108] [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.3900] [MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.3916] [MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.4536] [MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.4612] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.4776] [MD5.A4396FDB34ECCE391705AB2BB7410801] - (.IObit - Advanced SystemCare 6.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe [4057920] [PID.2168] [MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.2424] [MD5.82E2FA029973DF797E3609021FDFDC0B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8116224] [PID.5480] [MD5.9243229DFCCC99B5441750EBA49F1B14] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272] [PID.724] [MD5.D7F82B30ED318E591E27C9C323846DD5] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe [428600] [PID.1148] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1368] [MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1392] [MD5.3478F48B23A0D9F6EADD4A2405BA70EF] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392] [PID.1508] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1652] [MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2036] [MD5.C811032EBB2C2E9FACFC364599E91BE3] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [174720] [PID.1428] [MD5.2957ED569A2C1EDF31E95CB15C96AC2F] - (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [128000] [PID.2112] [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.2532] [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.2624] [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.2640] [MD5.CF7B0E597C1F34E528285495721DEEE9] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe [237960] [PID.2704] [MD5.AFFE7C21A4FCA1963371F10066911D3A] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392] [PID.3632] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\lasarricau\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://fr.search.yahoo.com G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] Web Assistant v.2.0.0.602, (Activé) =>Adware.IncrediBar ~ Google Browser: 17 Legitimates Filtered in 00mn 21s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\lasarricau\AppData\Roaming\Mozilla\Firefox\Profiles\qh1f9mc0.default\prefs.js ~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{F999A48B-1950-4D81-9971-79018F807B4B} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files (x86)\eMule\emule.exe O4 - GS\Desktop [Public]: LifeFrame.lnk . (.ASUS - LifeFrame3.) -- C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe O4 - GS\Desktop [Public]: SmartLogon Manager.lnk . (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\logonmgr.exe O4 - GS\Desktop [Public]: Splendid Utility.Lnk . (...) -- C:\Program Files (x86)\ASUS\Splendid\Backbone.exe O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus O4 - GS\QuickLaunch [lasarricau]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [lasarricau]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [lasarricau]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus O4 - GS\TaskBar [lasarricau]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Program [lasarricau]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [lasarricau]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [lasarricau]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [lasarricau]: Documents.lnk . (...) -- C:\Users\lasarricau\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ~ Global Startup: 66 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co O4 - GS\Startup [Public]: SRS Premium Sound.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [ASUS WebStorage] . (...) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd (.not file.) O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1456260645-863107718-592216751-1001\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{080121F4-39D1-4FB2-B7D4-0C11CC9EF0C6}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{080121F4-39D1-4FB2-B7D4-0C11CC9EF0C6}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{080121F4-39D1-4FB2-B7D4-0C11CC9EF0C6}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{FACDA23B-F382-416D-9662-D067608677D8}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {1C162FF5-9D64-45F0-BB96-2048E59BD366} =>PUP.QuickShare ~ Logic: 102 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] [HKLM\Software\Wow6432Node\IncrediMail] [HKLM\Software\Wow6432Node\SafeCentral] ~ Key Software: 186 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 23/06/2012 - 23:12:29 - [0,157] ----D C:\Users\lasarricau\AppData\Local\APN ~ 101 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 284 Legitimates Filtered in 00mn 11s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.850C2CBC8CF90BEB611EE5EBCFF12EF2] - 11/10/2013 - 06:45:24 ---A- . (...) -- C:\Windows\SysNative\AutoRunFilter.ini [2186] O44 - LFC:[MD5.850C2CBC8CF90BEB611EE5EBCFF12EF2] - 11/10/2013 - 06:45:24 ---A- . (...) -- C:\Windows\System32\AutoRunFilter.ini [2186] O44 - LFC:[MD5.BEAEB973DE6FA8C45D9A8EFA31AF8311] - 11/10/2013 - 06:45:25 ---A- . (...) -- C:\Windows\SysNative\ServiceFilter.ini [1747] O44 - LFC:[MD5.BEAEB973DE6FA8C45D9A8EFA31AF8311] - 11/10/2013 - 06:45:25 ---A- . (...) -- C:\Windows\System32\ServiceFilter.ini [1747] ~ Files: 16 Legitimates Filtered in 00mn 49s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.43E16E4011D80D0F794B695363AF2260] - 11/05/2012 - 10:13:24 ---A- . (.Mobile Stream - EasyTether Network Driver.) -- C:\Windows\System32\Drivers\easytthr.sys [20752] ~ Drivers: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {A1F42BE3-D2BA-4A91-B543-3B53A5AA62D6} - (Yahoo) - http://fr.search.yahoo.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368] ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "4B2C18C6D8600744F90EF29298DEB48B" . (.EasyTether.) -- C:\Windows\Installer\{6C81C2B4-068D-4470-9FE0-2F2989ED4BB8}\easytether.ico ~ Update Products: 259 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.82B91E7CCDFDFBEAF58F381D1FA3EFDF] [WIS][08/09/2009] (.Alcor Micro Corp. - AmIcoSinglun.) -- C:\Windows\Installer\10ee3.msi [1452032] [MD5.9595EF1705524971A5BF64C92EE08265] [WIS][06/06/2012] (.Mobile Stream - EasyTether Package.) -- C:\Windows\Installer\19a49b.msi [3665920] [MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\21b7f0.msi [459264] [MD5.FDCC790E0C478A6441DDA063F257B316] [WIS][24/06/2013] (.Linkury Inc. - QuickShare Widget.) -- C:\Windows\Installer\eb792a.msi [8925184] =>PUP.QuickShare ~ WIS: 263 Legitimates Filtered in 00mn 29s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe SR - | Auto 06/10/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 07/10/2013 440392 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 07/10/2013 440392 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SS - | Disabled 07/10/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 18/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 25/11/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 27/06/2013 128000 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 32s ---\\ Scan Additionnel (O88) Database Version : 12960 - (21/10/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 2 [HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1C162FF5-9D64-45F0-BB96-2048E59BD366}] =>PUP.QuickShare^ [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio C:\Users\lasarricau\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd =>Adware.IncrediBar^ C:\Windows\Installer\eb792a.msi =>PUP.QuickShare^ ~ Additionnel Scan: 326661 Items scanned in 00mn 25s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare ~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio ~ MSI: 3 link(s) detected in 00mn 25s ~ 1329 Legitimates filtered by white list End of the scan (439 lines in 03mn 18s)(0)