~ Rapport de ZHPDiag v2014.5.19.69 - Nicolas Coolman (19/05/2014) ~ Lancé par Josie (21/05/2014 09:04:42) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Blog d'analyse software : http://nicolascoolman.byethost7.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.17107 MFIE: Mozilla Firefox 29.0.1 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel Windows ID Activation : OK ~ Windows Partial Key : WWP6M Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système avast! Free Antivirus v9.0.2018 Malwarebytes Anti-Malware version 1.75.0.1300 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.13 ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader XI Java 7 Update 55 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3785 MB (36% free) System Restore: Activé (Enable) System drive C: has 349 GB (74%) free of 466 GB ---\\ Mode de connexion au système ~ Computer Name: JOSIE-PC ~ User Name: Josie ~ All Users Names: Josie, HomeGroupUser$, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Josie\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Josie\AppData\Roaming\ ~ %Desktop% : C:\Users\Josie\Desktop\ ~ %Favorites% : C:\Users\Josie\Favorites\ ~ %LocalAppData% : C:\Users\Josie\AppData\Local\ ~ %StartMenu% : C:\Users\Josie\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 349 Go of 466 Go) D: CD-ROM drive (Not Inserted) E: Hard drive, Flash drive, Thumb drive (Free 221 Go of 466 Go) F: CD-ROM drive (Not Inserted) G: Hard drive, Flash drive, Thumb drive (Free 182 Go of 373 Go) H: Hard drive, Flash drive, Thumb drive (Free 78 Go of 233 Go) I: Hard drive, Flash drive, Thumb drive (Free 50 Go of 233 Go) K: Floppy drive, Flash card reader, USB Key (Not Inserted) M: Floppy drive, Flash card reader, USB Key (Not Inserted) N: Floppy drive, Flash card reader, USB Key (Not Inserted) O: Floppy drive, Flash card reader, USB Key (Not Inserted) Q: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:32.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480] [MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 3/163 ~ Mes Favoris (My Favorites) : 1/27 ~ Mes Documents (My Documents) : 1/426 ~ Mon Bureau (My Desktop) : 2/1560 ~ Menu demarrer (Programs) : 1/77 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.4AC28B51530D3A93B3F27EB7A72F575F] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [630784] [PID.1468] [MD5.1E74C3EF30DB23A730751E0068E76ED4] - (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe [16957056] [PID.1492] [MD5.1A42F95615006278BC60D88118A1B696] - (.FireStarter - PrtScr.) -- C:\Program Files (x86)\PrtScr\PrtScr.exe [1700864] [PID.1456] [MD5.0916D660A63EB75166F6419689A42242] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Josie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224] [PID.1776] [MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Josie\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.1908] [MD5.FF0281EC719FA5DF87ACBE948FD07C7E] - (.RaMMicHaeL - Unchecky Background Process.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [320104] [PID.3744] [MD5.929D2915F04473314E55223AB17E8D65] - (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe [534160] [PID.4676] [MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.4688] [MD5.D9FAA5EFEB27DDBE99C720B9069A451E] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4780] [MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5248] [MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [811728] [PID.6500] [MD5.322522D6FF36A539CAD732D182FA6D18] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7878656] [PID.4296] [MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1332] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1920] [MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1952] [MD5.16FB3C63287DC1E0061101012844F26F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608] [PID.2928] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2996] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.656] [MD5.788BC2196086CC830442EC2D6D847666] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247088] [PID.1012] [MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5024576] [PID.3424] [MD5.AD4EC2140D66F0259EE018D2B759217A] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [464224] [PID.3592] [MD5.6EB6FD8153210AA94E18FB66A44F6A75] - (.RaMMicHaeL - Unchecky Service.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [107624] [PID.3648] [MD5.87F79BBE778B586F0FE74C8216E40502] - (.Winstep Software Technologies - Winstep Xtreme Helper Service.) -- C:\Program Files (x86)\Winstep\WsxService.exe [377344] [PID.3736] [MD5.7EFAAD0EDFA32D9FE0CCAD24008FCAD9] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [189792] [PID.3836] [MD5.8D7E37CDE7393D59C46A3A61D30C6228] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.4188] [MD5.F8626F1D56FA417C3B4AB6114D8471D5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.5784] ~ Processes Running: Scanned in 00mn 02s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Josie\AppData\Roaming\Mozilla\Firefox\Profiles\5uu72yaw.default-1371022581483\prefs.js M3 - MFPP: Plugins - [Josie] -- C:\Users\Josie\AppData\Roaming\Mozilla\Firefox\Profiles\5uu72yaw.default-1371022581483\searchplugins\pc-astuces.xml M2 - MFEP: prefs.js [Josie - 5uu72yaw.default-1371022581483\faviconrestorer@masserog.it] [] Favicon Restorer v1.4 (..) M2 - MFEP: prefs.js [Josie - 5uu72yaw.default-1371022581483\{0545b830-f0aa-4d7e-8820-50a4629a56fe}] [] ColorfulTabs v1.4 (..) P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (.Vitzo - VDownloader browser plug-in.) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll ~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 03s ~ Nombre de lignes (Lines number): 16216 ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe O4 - HKCU\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe O4 - HKCU\..\Run: [Classic] . (.ZapWallPaper - ZapWallPaper-Classic.) -- C:\Program Files (x86)\ZapWallPaper\Classic\ZapWallPaper-Classic.exe O4 - HKCU\..\Run: [PrtScr by FireStarter] . (.FireStarter - PrtScr.) -- C:\Program Files (x86)\PrtScr\PrtScr.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Josie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Program Files (x86)\Winstep\Nexus.exe O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [Classic] . (.ZapWallPaper - ZapWallPaper-Classic.) -- C:\Program Files (x86)\ZapWallPaper\Classic\ZapWallPaper-Classic.exe O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [PrtScr by FireStarter] . (.FireStarter - PrtScr.) -- C:\Program Files (x86)\PrtScr\PrtScr.exe O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-659074836-2778573553-485348502-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Josie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{BC7BA4B0-A637-4CD4-8F77-B891E8BBAF39}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{BC7BA4B0-A637-4CD4-8F77-B891E8BBAF39}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{BC7BA4B0-A637-4CD4-8F77-B891E8BBAF39}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) -- ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) . (.Pas de propriétaire - CLSched Module.) - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ~ Services: 19 Legitimates Filtered in 00mn 04s ---\\ Tâches planifiées en automatique (O39) [MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd" [198] [MD5.00000000000000000000000000000000] [APT] [{39B8BB2A-8FA3-4CD8-9BCD-95F72A5D176A}] (...) -- C:\Users\Josie\Desktop\U.RCeleb\U.R.Celeb251.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{41B2B32C-E14C-4A95-8E36-397351DA0247}] (...) -- C:\Program Files (x86)\Jig Swap Puzzle\Uninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{676E3E49-C58A-47BC-AB60-EF8485618B1D}] (...) -- C:\Users\Josie\Desktop\DirectX9.0c.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize [324] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066] O39 - APT: - (..) -- C:\Windows\System32\Tasks\HP Photo Creations Communicator [338] ~ Scheduled Task: 21 Legitimates Filtered in 00mn 02s ---\\ Logiciels installés (O42) O42 - Logiciel: 3DRT Dominos Shareware (Désinstaller) - (...) [HKLM][64Bits] -- 3DRT Dominos Shareware O42 - Logiciel: 6MPuzzles 1.1 - (.Simboloxico.) [HKLM][64Bits] -- {79F06D68-95DC-4D64-AF74-EEBC8C8A7A20}_is1 O42 - Logiciel: Findi 1.0 - (.Alain Lecherbault.) [HKLM][64Bits] -- Findi_is1 O42 - Logiciel: FontView version 3.3 - (.Hervé Thouzard.) [HKLM][64Bits] -- FontView_is1 O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508} O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail O42 - Logiciel: Le jeu des 7 erreurs - (...) [HKLM][64Bits] -- {761615D5-0AD5-4DFA-9774-B79F98A3E4E6} O42 - Logiciel: Mahjong Legacy of Toltecs - (.FreeGamePick.com.) [HKLM][64Bits] -- Mahjong Legacy of Toltecs_is1 O42 - Logiciel: Micro Motus - (...) [HKLM][64Bits] -- Micro Motus O42 - Logiciel: U.R.Celeb 2.51 - (.Amir Galanti.) [HKLM][64Bits] -- U.R.Celeb O42 - Logiciel: Video Rotator V1.0 - (.VideoRotator.com.) [HKLM][64Bits] -- Video Rotator_is1 ~ Logic: 20 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\3DRT Dominos Shareware] [HKCU\Software\GottCode] [HKCU\Software\IncrediMail] [HKCU\Software\MovieCollection] [HKCU\Software\babidyxp] [HKCU\Software\co] [HKCU\Software\iDealshare] [HKLM\Software\Wow6432Node\iDealshare] ~ Key Software: 503 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/06/2013 - 21:06:22 - [] ----D C:\Program Files (x86)\6MPuzzles O43 - CFD: 02/06/2013 - 18:00:54 - [] ----D C:\Program Files (x86)\Cartes de Visite O43 - CFD: 02/06/2013 - 23:04:25 - [] ----D C:\Program Files (x86)\ChangIcon O43 - CFD: 04/11/2013 - 14:15:39 - [] ----D C:\Program Files (x86)\DateCalc O43 - CFD: 02/06/2013 - 18:16:51 - [] ----D C:\Program Files (x86)\EuroThink O43 - CFD: 03/06/2013 - 21:12:09 - [] ----D C:\Program Files (x86)\findi O43 - CFD: 07/06/2013 - 08:46:52 - [] ----D C:\Program Files (x86)\FontView O43 - CFD: 20/06/2013 - 11:36:36 - [] ----D C:\Program Files (x86)\FSL O43 - CFD: 02/06/2013 - 18:37:50 - [] ----D C:\Program Files (x86)\IncrediMail O43 - CFD: 01/04/2014 - 07:58:00 - [] ----D C:\Program Files (x86)\LucasChess O43 - CFD: 06/04/2014 - 14:29:48 - [] ----D C:\Program Files (x86)\Micranes System O43 - CFD: 03/06/2013 - 21:21:29 - [] ----D C:\Program Files (x86)\Micro Motus O43 - CFD: 12/07/2013 - 11:22:58 - [] ----D C:\Program Files (x86)\OneLoupe O43 - CFD: 07/09/2013 - 10:02:00 - [] ----D C:\Program Files (x86)\Pically O43 - CFD: 20/09/2013 - 10:18:25 - [] ----D C:\Program Files (x86)\Tanglet O43 - CFD: 06/07/2013 - 15:29:10 - [] ----D C:\Program Files (x86)\U.R.Celeb O43 - CFD: 28/11/2013 - 10:34:54 - [] ----D C:\Program Files (x86)\VideoRotator O43 - CFD: 14/08/2013 - 14:52:40 - [] ----D C:\ProgramData\20000Leagues O43 - CFD: 02/06/2013 - 18:38:34 - [] ----D C:\ProgramData\IM O43 - CFD: 02/06/2013 - 18:37:51 - [] ----D C:\ProgramData\IncrediMail O43 - CFD: 14/08/2013 - 14:52:40 - [] ----D C:\Users\Josie\AppData\Roaming\20000Leagues O43 - CFD: 23/11/2013 - 14:34:50 - [] ----D C:\Users\Josie\AppData\Roaming\6MPuzzles O43 - CFD: 06/07/2013 - 13:23:50 - [] ----D C:\Users\Josie\AppData\Roaming\Dexclock O43 - CFD: 04/02/2014 - 00:37:20 - [] ----D C:\Users\Josie\AppData\Roaming\Flo & Seb Engineering O43 - CFD: 26/02/2014 - 23:53:14 - [] ----D C:\Users\Josie\AppData\Roaming\iDealshare VideoAll O43 - CFD: 12/07/2013 - 08:18:21 - [] ----D C:\Users\Josie\AppData\Roaming\Mahjong LoT O43 - CFD: 05/07/2013 - 09:24:07 - [] ----D C:\Users\Josie\AppData\Roaming\Oniton O43 - CFD: 01/04/2014 - 08:12:16 - [] ----D C:\Users\Josie\AppData\Roaming\Shortcut O43 - CFD: 08/05/2014 - 07:55:27 - [] ----D C:\Users\Josie\AppData\Roaming\YoutubeToMp3Converter O43 - CFD: 14/10/2013 - 10:18:59 - [] ----D C:\Users\Josie\AppData\Local\Ausschneiden O43 - CFD: 29/11/2013 - 20:37:44 - [] ----D C:\Users\Josie\AppData\Local\IM O43 - CFD: 06/04/2014 - 14:31:14 - [] ----D C:\Users\Josie\AppData\Local\Micranes_System O43 - CFD: 25/09/2013 - 08:03:52 - [] ----D C:\Users\Josie\AppData\Local\MovieCollection O43 - CFD: 14/10/2013 - 10:08:51 - [] ----D C:\Users\Josie\AppData\Local\NGPR O43 - CFD: 03/06/2013 - 21:21:22 - [0] ----D C:\Users\Josie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Micro Motus O43 - CFD: 05/07/2013 - 09:40:53 - [0] ----D C:\Users\Josie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\U.R.Celeb ~ Program Folder: 386 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.6D488BD56CDBF4BBCBEE27998F6D3265] - 18/05/2014 - 13:08:37 ---A- . (...) -- C:\Windows\system32co0100.dat [1356] O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 19/05/2014 - 11:54:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] ~ Files: 53 Legitimates Filtered in 00mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{3db112be-2a5b-11e3-859f-3085a9acb5ce}\AutoRun\command. (...) -- L:\CHECKINS.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Hifito [Key] . (...) -- C:\Program Files (x86)\Hifito\Hifito.exe O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe O53 - SMSR:HKLM\...\startupreg\Zune Launcher [Key] . (...) -- C:\Program Files\Zune\ZuneLauncher.exe (.not file.) ~ SMSR Keys: 33 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:01/06/2013 - 12:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31920] O58 - SDL:19/05/2014 - 11:54:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software O58 - SDL:19/05/2014 - 11:54:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software O58 - SDL:19/05/2014 - 11:54:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:16/07/2008 - 07:59:32 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [35840] O58 - SDL:22/04/2009 - 12:46:06 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3552384] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:13/07/2009 - 00:09:20 ---A- . (...) -- C:\Windows\System32\Drivers\uxpatch.sys [30568] O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296] ~ Drivers: 81 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 19/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID ~ Legacy: 82 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Josie - 5uu72yaw.default-1371022581483] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] {52F931E5-C5BB-4834-9037-D56D24661337} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {A5C4FEFF-EB10-4330-BE56-2764C9B24333} [DefaultScope] - ((www.google.com) Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 14/04/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe SS - | Auto 02/06/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 02/06/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 09/10/2006 724992 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 19/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 02/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Demand 15/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 06/03/2012 163608 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 06/03/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 29/09/2009 247088 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SR - | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe SR - | Auto 29/09/2009 464224 | (TVECapSvc) . (...) - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe SR - | Auto 29/09/2009 189792 | (TVESched) . (...) - C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe SR - | Auto 05/05/2014 107624 | (Unchecky) . (.RaMMicHaeL.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe SR - | Auto 06/03/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 13/07/2009 24168 | (UnsignedThemes) . (.The Within Network, LLC.) - C:\Windows\UnsignedThemesSvc.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13029 - (19/05/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel Scan: 377179 Items scanned in 00mn 42s ~ 1225 Legitimates filtered by white list End of the scan (452 lines in 01mn 21s)(0)