~ Rapport de ZHPDiag v2013.9.11.193 - Nicolas Coolman (11/09/2013)
~ Lancé par Manzai (11/09/2013 21:14:05)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 23.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 9WXVT
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v8.0.1497.0
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
FrostWire 5.6.3 v5.6.3.5

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3911 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 365 GB (81%) free of 446 GB

---\\ Mode de connexion au système
~ Computer Name: MANZAI
~ User Name: Manzai
~ All Users Names: Manzai, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Manzai\AppData\Roaming\
~ %Desktop% : C:\Users\Manzai\Desktop\
~ %Favorites% : C:\Users\Manzai\Favorites\
~ %LocalAppData% : C:\Users\Manzai\AppData\Local\
~ %StartMenu% : C:\Users\Manzai\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 365 Go of 446 Go)
D:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/49
~ Mes musiques (My Musics) : 1/22
~ Mes Videos (My Videos) : 2/1440
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/160
~ Mon Bureau (My Desktop) : 2/13
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 02s

---\\ Processus lancés
[MD5.0EFF23C3D910380746D4F56BA5C746C4] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1192784] [PID.4048]
[MD5.E659E38D2D51DF5817C91D7386920C7E] - (.CyberLink - MediaEspresso DeviceDetector.) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [995856] [PID.2388]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4696]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4784]
[MD5.6582A15F11F722FEBE603004A73CBD77] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184] [PID.7564]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.10096]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2848]
[MD5.18F20138A715E0677A24A0986BC9AEA2] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.7828]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.4592]
[MD5.475950AA624AD3813490BC01864184CC] - (.http://www.dreamule.org - Dreamule.) -- C:\Program Files (x86)\DreaMule\emule.exe [6696960] [PID.8376]
[MD5.0CED501E811F5C4745415FCC000CE043] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.9116]
[MD5.28E623E4595B41896BAAE560CABDBF2A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7935488] [PID.7972]
~ Processes Running: Scanned in 00mn 01s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 10030

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Camtasia Studio 8.lnk . (.TechSmith Corporation - Camtasia Studio.) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\Desktop [Public]: Deluge.lnk . (...) -- C:\Program Files (x86)\Deluge\deluge.exe
O4 - GS\Desktop [Public]: FarCry 3.lnk . (.Ubisoft Entertainment - Far Cry 3.) -- C:\Program Files (x86)\FarCry 3\bin\farcry3.exe
O4 - GS\Desktop [Public]: Livestream Procaster.lnk . (...) -- C:\Program Files (x86)\Livestream Procaster\Procaster.exe
O4 - GS\Desktop [Public]: LogMeIn Hamachi.lnk . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\Program [Public]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
O4 - GS\QuickLaunch [Manzai]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Manzai]: Droppix Recorder.lnk . (.Droppix - Droppix Recorder.) -- C:\Program Files (x86)\Droppix\Droppix Recorder 2\Droppix Recorder\DxRecord.exe
O4 - GS\QuickLaunch [Manzai]: FrostWire 5.6.3.lnk . (.FrostWire - FrostWire Launcher.) -- C:\Program Files (x86)\FrostWire 5\FrostWire.exe
O4 - GS\QuickLaunch [Manzai]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Manzai]: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\TaskBar [Manzai]: Task Manager.lnk . (.Microsoft Corporation - Gestionnaire des tâches.) -- C:\Windows\system32\taskmgr.exe
O4 - GS\Program [Manzai]: Songr.lnk . (.Xamasoft - Songr.) -- C:\Users\Manzai\AppData\Local\Songr\Songr.exe
O4 - GS\Desktop [Manzai]: DreaMule.lnk . (.http://www.dreamule.org - Dreamule.) -- C:\Program Files (x86)\DreaMule\emule.exe
O4 - GS\Desktop [Manzai]: FrostWire 5.6.3.lnk . (.FrostWire - FrostWire Launcher.) -- C:\Program Files (x86)\FrostWire 5\FrostWire.exe
O4 - GS\Desktop [Manzai]: Nero Express.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E10AAE4A-98B8-420A-BD93-E0520C23D624}\NeroExpress.exe_81A8FD91A6494AD5B4998149EAAC7E7C.exe
O4 - GS\Desktop [Manzai]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) -- C:\Users\Manzai\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe
O4 - GS\Desktop [Manzai]: Wondershare Streaming Audio Recorder.lnk . (.WonderShare Software Co.,Ltd. - Wondershare Streaming Audio Recorder.) -- C:\Program Files (x86)\Wondershare\Streaming Audio Recorder\StreamingAudioRecorder.exe
~ Global Startup: 41 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)
O4 - HKLM\..\RunOnce: [ThreatdictionRemov] C:\Users\Manzai\Desktop\Threatdiction AntiVirus Beta\Threatdiction.exe (.not file.)
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] . (.Disc Soft Ltd - DAEMON Tools Ultra Agent.) -- C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [RadioController] . (.Dritek System Inc. - RF Button Helper.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswAhAScr.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswasOutExt.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [aswasOutExt64.dll] . (.AVAST Software - avast! RegSvr.) -- C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Agent de l'application Wallet] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-761035849-3168717432-3512893582-1001\..\Run: [DAEMON Tools Ultra Agent] . (.Disc Soft Ltd - DAEMON Tools Ultra Agent.) -- C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF5C19B-90B0-4663-B719-2E0C34E76340}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1EBCD0-F775-45D5-A685-7720C9F3A8D7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FF5C19B-90B0-4663-B719-2E0C34E76340}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B1EBCD0-F775-45D5-A685-7720C9F3A8D7}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe
O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: 14 Legitimates Filtered in 00mn 07s

---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Record Expert 2.0 - (.Guangming Software, Inc..) [HKLM][64Bits] -- Audio Record Expert_is1
O42 - Logiciel: Cyberfox Web Browser - (.8pecxstudios.) [HKLM][64Bits] -- {5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1
O42 - Logiciel: Droppix Recorder 2 - (.Droppix.) [HKLM][64Bits] -- DxStd2_is1
O42 - Logiciel: oggcodecs - (.illiminable.) [HKLM][64Bits] -- {D65F0073-A820-4085-B997-A061171595A7}
~ Logic: 96 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Shareaza]
[HKCU\Software\SimpleCast]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\DCoder]
[HKLM\Software\Wow6432Node\Droppix]
~ Key Software: 198 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/09/2013 - 12:06:03 - [4,796] ----D C:\Program Files (x86)\Audio Record Expert
O43 - CFD: 07/09/2013 - 00:32:23 - [25,109] ----D C:\Program Files (x86)\DreaMule
O43 - CFD: 21/08/2013 - 20:19:43 - [26,009] ----D C:\Program Files (x86)\Droppix
O43 - CFD: 03/09/2013 - 11:37:14 - [-162,800] ----D C:\Program Files (x86)\FarCry 3
O43 - CFD: 11/03/2013 - 04:53:27 - [0,407] ----D C:\Program Files (x86)\RadioController
O43 - CFD: 01/09/2013 - 12:32:08 - [0] ----D C:\Program Files (x86)\SpacialAudio
O43 - CFD: 21/08/2013 - 20:19:59 - [5,209] ----D C:\Program Files (x86)\Common Files\Droppix
O43 - CFD: 11/03/2013 - 05:13:55 - [0,040] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 21/08/2013 - 20:31:07 - [0,539] ----D C:\ProgramData\Droppix
O43 - CFD: 21/08/2013 - 20:19:58 - [0] ----D C:\Users\Manzai\AppData\Roaming\Droppix
O43 - CFD: 21/08/2013 - 15:01:07 - [0,014] ----D C:\Users\Manzai\AppData\Roaming\lm
O43 - CFD: 02/09/2013 - 01:37:50 - [0,001] ----D C:\Users\Manzai\AppData\Local\Seven_Alien_Technologies_
O43 - CFD: 01/09/2013 - 12:32:06 - [0,000] ----D C:\Users\Manzai\AppData\Local\SpacialAudio
O43 - CFD: 21/08/2013 - 20:20:01 - [0,010] ----D C:\Users\Manzai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Droppix Recorder 2
~ Program Folder: 179 Legitimates Filtered in 00mn 20s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.ADD2FE1A9F4EE41A6D724819550D4E1F] - 08/09/2013 - 11:09:32 RSHAD . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\VirtualAudio.sys [31080]
O44 - LFC:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 04/09/2013 - 00:50:48 RSHAD . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
~ Files: 36 Legitimates Filtered in 00mn 13s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{a58755dc-0a91-11e3-be70-20898465ee14}\AutoRun\command. (...) -- E:\OriginInstaller.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Manzai - r5mxbbkd.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.71E91FBB2F2FEE8638B5832EC8CC1590] [SPRF][21/08/2013] (...) -- C:\ProgramData\1377105773.bdinstall.bin [529344]
[MD5.6FE38BB7342692F12A33DDEA72334603] [SPRF][23/08/2013] (...) -- C:\ProgramData\1377278151.bdinstall.bin [235530]
[MD5.11D751D299B9ABDC77BFF4156C75C4CF] [SPRF][01/09/2013] (...) -- C:\Users\Manzai\AppData\Local\Temp\bitool.dll [38480]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/08/2013] (...) -- C:\Users\Manzai\AppData\Local\Temp\{FF27A1A2-3DDD-470A-B354-6CC0BBEEA011}.bat [0]
~ Files: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{96C2283B-8374-437E-97F5-5050E9B84A97}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe (.not file.)
O87 - FAEL: "{54EF1D26-1E67-4317-862F-5309CF19152C}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (.not file.)
O87 - FAEL: "{B59D6F63-526A-43F7-AC5A-68F2144DCFEA}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe (.not file.)
O87 - FAEL: "{EBF92FEE-2176-467C-85EC-124426A59397}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "{1722FECA-FF02-483A-9BFD-D2E20DDD71CB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "TCP Query User{E2C1322B-00A5-4688-937F-CD06B855A974}C:\program files (x86)\deluge\deluge.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "UDP Query User{C723D1C5-6FBC-46FC-BCBD-B78688964713}C:\program files (x86)\deluge\deluge.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "TCP Query User{ED2FC78C-8474-4828-851C-68BBF65DD5F9}C:\program files (x86)\deluge\deluge.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "UDP Query User{9625BC31-F8A8-4947-978A-F58635692053}C:\program files (x86)\deluge\deluge.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\deluge\deluge.exe
O87 - FAEL: "{262EA9EC-D82C-4ADC-82E3-6001674F06B6}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe (.not file.)
O87 - FAEL: "TCP Query User{8D9563AE-2C4B-4A5B-A3EF-38E49215E584}C:\program files (x86)\dreamule\emule.exe" | In - Public - P6 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
O87 - FAEL: "UDP Query User{CAEC88BF-F4E8-4843-8B2A-074C172CD882}C:\program files (x86)\dreamule\emule.exe" | In - Public - P17 - TRUE | .(.http://www.dreamule.org - Dreamule.) -- C:\program files (x86)\dreamule\emule.exe
~ Firewall: 281 Legitimates Filtered in 00mn 01s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.2AE0FCE620FC5A536649FA42D5A14345] [WIS][09/11/2005] (.Zentaro Kavanagh - Directshow Codecs for Speex, Vorbis, Theora and Flac..) -- C:\Windows\Installer\128b3f1.msi [1028096]
~ WIS: 39 Legitimates Filtered in 00mn 10s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Demand 10/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 09/05/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 20/08/2012 176640 | (BrcmCardReader) . (.Broadcom Corp..) - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
SR - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SR - | Demand 23/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Demand 16/11/2012 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
SR - | Demand 25/06/2013 632352 | (Disc Soft Bus Service) . (.Disc Soft Ltd.) - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
SR - | Demand 22/11/2007 147456 | (Droppix Service) . (.Droppix.) - C:\Program Files (x86)\Common Files\Droppix\DxService.exe
SR - | Auto 10/12/2012 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 23/10/2012 658064 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SR - | Auto 20/11/2012 100752 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe
SR - | Demand 11/03/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/06/2013 2470736 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (McAfee SiteAdvisor Service) . (...) - C:\Program Files (x86)\mcafee\SITEAD~1\mcsacore.exe
SR - | Auto 10/07/1658 0 | (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Demand 21/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/03/2013 96880 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 07/08/2013 4308320 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/11/2012 81536 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 12s

---\\ Scan Additionnel (O88)
Database Version : 12902 - (11/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 188229 Items scanned in 00mn 35s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 35s
~ 960 Legitimates filtered by white list

End of the scan (420 lines in 01mn 56s)(0)