cjoint
~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par pc (23/04/2014 19:27:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041 (Defaut)
GCIE: Google Chrome v34.0.1847.116

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 959 MB (4% free)
System Restore: Activé (Enable)
System drive C: has 13 GB (10%) free of 124 GB

---\\ Mode de connexion au système
~ Computer Name: PC-PC
~ User Name: pc
~ All Users Names: pc, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\pc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pc\AppData\Roaming\
~ %Desktop% : C:\Users\pc\Desktop\
~ %Favorites% : C:\Users\pc\Favorites\
~ %LocalAppData% : C:\Users\pc\AppData\Local\
~ %StartMenu% : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 13 Go of 124 Go)
D: Hard drive, Flash drive, Thumb drive (Free 113 Go of 293 Go)
E: Hard drive, Flash drive, Thumb drive (Free 72 Go of 342 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 01s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 06:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/7
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/1033
~ Mon Bureau (My Desktop) : 1/830
~ Menu demarrer (Programs) : 1/2
~ Hidden Files: Scanned in 00mn 18s



---\\ Processus lancés
[MD5.B70BCC55743C5A5BD7C7C6D6A02BB6F9] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\Windows\SOUNDMAN.exe [604704] [PID.1992]
[MD5.90DBFCC0826ACA3E4B58CF37794BA6CF] - (.LeapFrog Enterprises, Inc. - Monitor Application.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [103936] [PID.2024]
[MD5.3B01B800A43CF3FAF5AAA78315BC2148] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe [74752] [PID.2032]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [136176] [PID.248]
[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.320]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.208]
[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [49152] [PID.2088]
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7867392] [PID.7668]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.784]
[MD5.86ACB6A60C50E99EB8E68710D5A12654] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [733184] [PID.896]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1516]
[MD5.2E4746D0C265E1233FA47062C9666F7F] - (.LeapFrog Enterprises, Inc. - CommandService Application.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7391232] [PID.1948]
[MD5.E4AA07F8BCBCB66EF115C443CD45C7A2] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- C:\Program Files\Microsoft Security Client\NisSrv.exe [279776] [PID.3744]
[MD5.2C49B175AEE1D4364B91B531417FE583] - (.Microsoft Corporation - Programme d’installation pour les modules W.) -- C:\Windows\servicing\TrustedInstaller.exe [204800] [PID.8096]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.7484]
~ Processes Running: Scanned in 00mn 28s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 45s
~ Nombre de lignes (Lines number): 11453



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Desktop [Public]: LeapFrog Connect.lnk . (.LeapFrog Enterprises, Inc. - LeapFrog Connect Application.) -- C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
O4 - GS\Desktop [Public]: Shareaza.lnk . (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe
O4 - GS\Desktop [Public]: Turbopoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Turbopoker.fr\casino.exe
O4 - GS\Desktop [Public]: Vuze.lnk . (...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\Program [Public]: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Turbopoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Turbopoker.fr\casino.exe
O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\QuickLaunch [pc]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [pc]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\QuickLaunch [pc]: Shareaza.lnk . (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files\Shareaza\Shareaza.exe
O4 - GS\QuickLaunch [pc]: Vuze.lnk . (...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\TaskBar [pc]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [pc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [pc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [pc]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [pc]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\Desktop [pc]: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\Desktop [pc]: USB Reader - Raccourci.lnk - Clé orpheline
~ Global Startup: 65 Legitimates Filtered in 00mn 18s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\Windows\SOUNDMAN.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [Monitor] . (.LeapFrog Enterprises, Inc. - Monitor Application.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fst_fr_156] Clé orpheline =>Adware.FreeSoftToday
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-929327520-2643527368-530078590-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-929327520-2643527368-530078590-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 02s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-1.job [1370] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-2.job [1356] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-3.job [2760] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-4.job [2364] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-5.job [1444] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job [1454] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job [1432] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job [3108] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job [2200] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job [1528] =>PUP.CrossRider
~ Scheduled Task: 13 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PMU]
[HKCU\Software\Shareaza]
[HKLM\Software\HQ-Vid-Pro-1.9] =>PUP.CrossRider
[HKLM\Software\Shareaza]
[HKLM\Software\anset]
[HKLM\Software\free_soft_today] =>Adware.FreeSoftToday
~ Key Software: 100 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/02/2014 - 21:32:42 - [] ----D C:\Program Files\PokerStars.FR
O43 - CFD: 22/12/2013 - 11:25:18 - [] ----D C:\Program Files\Shareaza
O43 - CFD: 26/07/2013 - 21:06:43 - [] ----D C:\Users\pc\AppData\Roaming\fr.barrierepoker.air
O43 - CFD: 25/10/2012 - 20:27:32 - [] ----D C:\Users\pc\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 - CFD: 06/10/2013 - 16:04:29 - [] ----D C:\Users\pc\AppData\Roaming\PMU
O43 - CFD: 22/12/2013 - 11:25:43 - [] ----D C:\Users\pc\AppData\Roaming\Shareaza
O43 - CFD: 07/08/2013 - 15:02:26 - [] ----D C:\Users\pc\AppData\Roaming\wam
O43 - CFD: 07/07/2013 - 15:47:53 - [] ----D C:\Users\pc\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 23/04/2014 - 15:38:29 - [] -SH-D C:\Users\pc\AppData\Local\EmieSiteList
O43 - CFD: 23/04/2014 - 15:38:29 - [] -SH-D C:\Users\pc\AppData\Local\EmieUserList
O43 - CFD: 25/02/2014 - 01:01:01 - [] ----D C:\Users\pc\AppData\Local\PokerStars.FR
O43 - CFD: 22/12/2013 - 11:25:42 - [] ----D C:\Users\pc\AppData\Local\Shareaza
~ 526 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 661 Legitimates Filtered in 01mn 14s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 17:35:16 ---A- . (...) -- C:\Windows\System32\FAPBCB2.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 17:55:25 ---A- . (...) -- C:\Windows\System32\FAP2DF5.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 17:55:28 ---A- . (...) -- C:\Windows\System32\FAP3991.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 17:55:39 ---A- . (...) -- C:\Windows\System32\FAP6670.tmp [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 17:56:12 ---A- . (...) -- C:\Windows\System32\FAPE7B9.tmp [0]
O44 - LFC:[MD5.42BE2D8C55372A81A9AB43EF8ACB6BCE] - 23/04/2014 - 18:33:38 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22464]
O44 - LFC:[MD5.42BE2D8C55372A81A9AB43EF8ACB6BCE] - 23/04/2014 - 18:33:38 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22464]
~ Files: 51 Legitimates Filtered in 01mn 13s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.36D55E168DEF98C473CA0F455CBC9030] - 23/04/2014 - 11:47:28 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-E5FE256A.pf =>.Piriform Ltd
O45 - LFCP:[MD5.31FD903ED75C040E3531DC8D84FCA7AF] - 23/04/2014 - 16:14:08 ---A- - C:\Windows\Prefetch\HQ-VID-PRO-1.9-BG.EXE-8369B526.pf =>PUP.CrossRider
O45 - LFCP:[MD5.980C2BA3CE16CCA8885E7D4D100FDC31] - 23/04/2014 - 15:51:09 ---A- - C:\Windows\Prefetch\HQ-VID-PRO-1.9-CODEDOWNLOADER-9D59D50B.pf =>PUP.CrossRider
O45 - LFCP:[MD5.ACB9FAA50C0ADF45E5BFAE3C6033C55E] - 23/04/2014 - 16:14:09 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS-BG.EXE-39588C38.pf =>PUP.CrossRider
O45 - LFCP:[MD5.15431C69BA2C79089756531EEA2CE94E] - 23/04/2014 - 15:52:15 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS-CODEDOWNLOADE-412E5F5D.pf =>PUP.CrossRider
O45 - LFCP:[MD5.0FF6AC0CEACC00B49DE5F65619E9E132] - 22/04/2014 - 21:33:09 ---A- - C:\Windows\Prefetch\RE-MARKITFQL.EXE-3C5AE4AC.pf =>PUP.ReMarkIt
~ Prefetcher: 6 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 17 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/04/2014 - 19:37:19 ---A- . (...) -- C:\Users\pc\Downloads\Java.exe [448912]
O61 - LFC: 23/04/2014 - 19:36:49 ---A- . (...) -- C:\Users\pc\Desktop\adwcleaner.exe [1345299]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 4 Legitimates Filtered in 21mn 33s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 01s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [pc - jouebsz8.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 01s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.58FF3BA4A5A34A20D6E0E095F05D1939] [SPRF][23/04/2014] (...) -- C:\Users\pc\Desktop\adwcleaner.exe [1345299]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASAPI32 =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\Azureus_RASMANCS =>P2P.Azureus
HKLM\SOFTWARE\Microsoft\Tracing\Everest Pokerfr_RASAPI32 =>PUP.Casino
HKLM\SOFTWARE\Microsoft\Tracing\Everest Pokerfr_RASMANCS =>PUP.Casino
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASAPI32 =>PUP.Manager
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASMANCS =>PUP.Manager
~ BTK: 136 Legitimates Filtered in 00mn 02s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 30/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/02/2010 733184 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 27/09/2013 7391232 | (LeapFrog Connect Device Service) . (.LeapFrog Enterprises, Inc..) - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 01mn 34s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 12

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_156 =>Adware.FreeSoftToday^
C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-1.job =>PUP.CrossRider^
C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-2.job =>PUP.CrossRider^
C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-3.job =>PUP.CrossRider^
C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-4.job =>PUP.CrossRider^
C:\Windows\Tasks\5b17ddc9-1405-4cea-b8a0-5d3171d2130b-5.job =>PUP.CrossRider^
C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job =>PUP.CrossRider^
C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job =>PUP.CrossRider^
C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job =>PUP.CrossRider^
C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job =>PUP.CrossRider^
C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job =>PUP.CrossRider^
[HKLM\Software\HQ-Vid-Pro-1.9] =>PUP.CrossRider ^
[HKLM\Software\free_soft_today] =>Adware.FreeSoftToday^
~ Additionnel Scan: 189755 Items scanned in 05mn 11s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/33340107-adware-freesofttoday =>Adware.FreeSoftToday
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/36657231-pup-remarkit =>PUP.ReMarkIt
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
~ MSI: 4 link(s) detected in 00mn 00s



~ 1308 Legitimates filtered by white list
End of the scan (410 lines in 58mn 05s)(0)