Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2013.8.15.23 - Nicolas Coolman (15/08/2013)
~ Lancé par Jacques (16/08/2013 18:41:52)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660 (Defaut)
MFIE: Mozilla Firefox 23.0
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8TFF7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v2.1.19
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3975 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 369 GB (88%) free of 415 GB
---\\ Mode de connexion au système
~ Computer Name: JACQUES-PC
~ User Name: Jacques
~ All Users Names: Jacques, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Jacques\AppData\Roaming\
~ %Desktop% : C:\Users\Jacques\Desktop\
~ %Favorites% : C:\Users\Jacques\Favorites\
~ %LocalAppData% : C:\Users\Jacques\AppData\Local\
~ %StartMenu% : C:\Users\Jacques\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 369 Go of 415 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 29 Go of 50 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application douverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/240
~ Mes musiques (My Musics) : 65/292
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/129
~ Mes Documents (My Documents) : 1/79
~ Mon Bureau (My Desktop) : 1/29
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage su système
[MD5.5AFBECFB77B2D7850B4D6D0D4ABE4FA0] - (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe [803328] [PID.2044]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.2148]
[MD5.6A88DA10D061B2CF91818EF953574594] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [92024] [PID.4712]
[MD5.C5C520B24CADC7A4BF0113EB5F170004] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7822336] [PID.4232]
[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1376]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1876]
[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1912]
[MD5.7F5CD87CA5BDB4D83F992D8C77201483] - (.CyberLink - CyberLink Spark Media Server Monitor Servic.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952] [PID.1056]
[MD5.9FAF58E876A3B1DB3030A0A5805F2D86] - (.CyberLink - CyberLink Spark Media Server Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616] [PID.1300]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.2172]
[MD5.D31398D4BB4907B517B6E784C2100C4A] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688] [PID.3040]
[MD5.6AE8E702D1027A9627DDE2B77BB9992B] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928] [PID.2880]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.2792]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3360]
[MD5.1584DEEAE5AA0E3FB045F3D0EAC585EA] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3640]
[MD5.FC43877B4625F6EB773C98233EB625C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.2980]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\prefs.js
C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\user.js
M3 - MFPP: Plugins - [Jacques] -- C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\searchplugins\aide-de-firefox.xml
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com
R3 - URLSearchHook: Flip - Connect with Friends [64Bits] - {4DA729A4-684A-4034-A45B-6D56CEAAE92B} . (.Pas de propriétaire - Flip - Connect with friends.) (2.0.0.1) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15476
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: QFX Software KeyScrambler [64Bits] - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} . (.QFX Software Corporation - KeyScrambler Program DLL.) -- C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Flipora [64Bits] - {63E60077-EDE9-427a-BAD0-2ED15FADA0A8} . (.Pas de propriétaire - Flip - Connect with friends.) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\Run: [PasteCopy.NET] . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [PasteCopy.NET] . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - GS\TaskBar: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: TuneUp Utilities - Startoberfläche.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfläche.) -- C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - GS\TaskBar: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\QuickLaunch: PasteCopy.NET.lnk . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\notepad.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Billard 3 bandes - Raccourci.lnk . (...) -- C:\Users\Jacques\Downloads\Billard 3 bandes
O4 - GS\Desktop: Favoris - Raccourci.lnk . (...) -- C:\Users\Jacques\Favorites
O4 - Global Startup: C:\Users\Jacques\Desktop\Forum de Billard Français Carambole - Kozoom.url . (...) -- C:\Users\Jacques\Desktop\Forum de Billard Français Carambole - Kozoom.url
O4 - Global Startup: C:\Users\Jacques\Desktop\Forum Sécurité.url . (...) -- C:\Users\Jacques\Desktop\Forum Sécurité.url
O4 - Global Startup: C:\Users\Jacques\Desktop\Loterie.url . (...) -- C:\Users\Jacques\Desktop\Loterie.url
O4 - Global Startup: C:\Users\Jacques\Desktop\MEDIONshop Belgique Tablette.url . (...) -- C:\Users\Jacques\Desktop\MEDIONshop Belgique Tablette.url
O4 - GS\Desktop: Mes documents Favoris.lnk . (...) -- C:\Users\Jacques\Documents
O4 - Global Startup: C:\Users\Jacques\Desktop\TELECHARGEMENT - Stage de billard.url . (...) -- C:\Users\Jacques\Desktop\TELECHARGEMENT - Stage de billard.url
O4 - GS\Programs: TéléchargementProgrammes.lnk . (...) -- C:\Users\Jacques\Downloads
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: eBay.be [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Program Files\Internet Explorer\Custom\eBay.ico
O9 - Extra button: &KeyScrambler Options [64Bits] - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 14 Legitimates Filtered in 00mn 02s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{08C61B01-601B-440F-ADA3-E2341D522A53}] (...) -- C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DFD2E7BB-2B63-44C6-AE47-23D39327D525}] (...) -- J:\backup1\easycleaner_easycleaner_2.0.6.381_francais_11170.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Infoaxe]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\Markement]
[HKCU\Software\infoaxe]
[HKLM\Software\Wow6432Node\ImInstaller]
[HKLM\Software\Wow6432Node\Markement]
~ Key Software: 175 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 6/01/2013 - 12:47:57 - [22,288] ----D C:\Program Files (x86)\MARKEMENT
O43 - CFD: 14/08/2013 - 17:17:14 - [0,047] ----D C:\Program Files (x86)\SearchSettings =>Adware.SearchSettings
O43 - CFD: 30/06/2013 - 18:37:57 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/06/2013 - 18:37:27 - [0,012] ----D C:\ProgramData\IncrediMail
O43 - CFD: 1/08/2013 - 15:45:02 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 23/02/2013 - 12:34:14 - [0] -SH-D C:\Users\Jacques\AppData\Roaming\4C3CC0
O43 - CFD: 1/06/2013 - 23:34:19 - [1,397] ----D C:\Users\Jacques\AppData\Roaming\torrent
O43 - CFD: 30/06/2013 - 18:52:45 - [19,691] ----D C:\Users\Jacques\AppData\Local\IM
~ 187 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 403 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.888DFE4137F626CEA9CCE3BD47941B64] - 7/01/2013 - 10:39:28 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\System32\Drivers\a38usb.sys [44672]
O58 - SDL:[MD5.E74DC2F3F9675A6025A4AA020EDD4341] - 29/11/2010 - 16:42:18 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] infoaxe_google [DefaultScope] - (Web Search) - http://static.flipora.com
O69 - SBI: SearchScopes [HKCU] {4728F0CD-1C31-4217-AFF0-0781341BD48B} - (Chercher avec Pagesdor.be (Visual Search)) - http://truvo.reference.be
O69 - SBI: SearchScopes [HKCU] {61E182E1-86E0-4904-933B-6306CB6733DC} - (Google) - http://www.google.be
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6F842865-D360-489B-95D3-3806845E9B54} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {819C7C8F-2D60-49BB-9953-F71174A55B3D} - (PC Astuces) - http://www.pcastuces.com
O69 - SBI: SearchScopes [HKCU] {A282D6AC-DE61-4CF9-80A1-65BA9343F5B9} - (eBay Belgique / Belgium) - http://rover.ebay.com
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - http://isearch.glarysoft.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7B0C2FBC82CFD78C90B7279F623F0495] [SPRF][14/12/2010] (.Microsoft Corp - Microsoft Support Diagnostic Tool Control.) -- C:\Windows\Downloaded Program Files\MSDcode.dll [562512]
~ Files: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{72480F3B-61C8-460D-A849-8612A16B3CC7}C:\program files (x86)\libreoffice 4\program\soffice.bin" | In - Private - P6 - TRUE | .(.The Document Foundation.) -- C:\program files (x86)\libreoffice 4\program\soffice.bin
O87 - FAEL: "UDP Query User{0C2E9594-53DB-4B9A-8105-1B52AF2224A2}C:\program files (x86)\libreoffice 4\program\soffice.bin" | In - Private - P17 - TRUE | .(.The Document Foundation.) -- C:\program files (x86)\libreoffice 4\program\soffice.bin
~ Firewall: 199 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.19DC7F8A3078711805394592A9F16BF1] [WIS][30/06/2013] (.Nom de votre société - Photo Notifier and Animation Creator.) -- C:\Windows\Installer\11b9991.msi [2850816]
[MD5.E84D017EB84A28C639FFE51393D6AB12] [WIS][5/08/2013] (.Google Inc. - Indique au fichier Javascript Google Analytics (ga.js) de ne pa.) -- C:\Windows\Installer\13913fd.msi [118272]
[MD5.F473FF0EEF338C723E46EF6021A775DD] [WIS][6/08/2013] (.The Document Foundation - LibreOffice 4.1.) -- C:\Windows\Installer\1b55221.msi [7446528]
[MD5.0D98A559FE40FAC70EEBC1F3C93FA74C] [WIS][6/08/2013] (.The Document Foundation - LibreOffice 4.1.) -- C:\Windows\Installer\1b55226.msi [214945792]
[MD5.C93102D26CC671373241FD363AC7B924] [WIS][10/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\6b6489.msi [20627456]
[MD5.DAC8C46C8E5A5C76E77EC3D80D1AD792] [WIS][8/09/2011] (.Kaspersky Lab - Kaspersky Internet Security 2012.) -- C:\Windows\Installer\kavkis.msi [12348416]
~ WIS: 250 Legitimates Filtered in 00mn 14s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 1/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 1/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 13/04/2011 70952 | (CyberLink PowerDVD 10 MS Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
SR - | Auto 13/04/2011 312616 | (CyberLink PowerDVD 10 MS Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
SS - | Auto 6/01/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 6/01/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 2/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/03/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 7/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 31/01/2013 2402080 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
SR - | Auto 11/03/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s
---\\ Scan Additionnel (O88)
Database Version : v2.12855 - (15/08/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
C:\Program Files (x86)\SearchSettings =>Adware.SearchSettings^
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
~ Additionnel Scan: 246641 Items scanned in 00mn 12s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ MSI: 3 link(s) detected in 00mn 12s
~ 1451 Legitimates filtered by white list
End of the scan (450 lines in 00mn 47s)(0)
~ Lancé par Jacques (16/08/2013 18:41:52)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16660 (Defaut)
MFIE: Mozilla Firefox 23.0
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 8TFF7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v2.1.19
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3975 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 369 GB (88%) free of 415 GB
---\\ Mode de connexion au système
~ Computer Name: JACQUES-PC
~ User Name: Jacques
~ All Users Names: Jacques, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Jacques\AppData\Roaming\
~ %Desktop% : C:\Users\Jacques\Desktop\
~ %Favorites% : C:\Users\Jacques\Favorites\
~ %LocalAppData% : C:\Users\Jacques\AppData\Local\
~ %StartMenu% : C:\Users\Jacques\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 369 Go of 415 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 29 Go of 50 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/07/2013 - 06:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application douverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/240
~ Mes musiques (My Musics) : 65/292
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/129
~ Mes Documents (My Documents) : 1/79
~ Mon Bureau (My Desktop) : 1/29
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés au démarrage su système
[MD5.5AFBECFB77B2D7850B4D6D0D4ABE4FA0] - (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe [803328] [PID.2044]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.2148]
[MD5.6A88DA10D061B2CF91818EF953574594] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [92024] [PID.4712]
[MD5.C5C520B24CADC7A4BF0113EB5F170004] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7822336] [PID.4232]
[MD5.99387251353598C939592FAF40DF8AA9] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1376]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1876]
[MD5.8491FDA93507F2F27FFBA11372764086] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1912]
[MD5.7F5CD87CA5BDB4D83F992D8C77201483] - (.CyberLink - CyberLink Spark Media Server Monitor Servic.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952] [PID.1056]
[MD5.9FAF58E876A3B1DB3030A0A5805F2D86] - (.CyberLink - CyberLink Spark Media Server Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616] [PID.1300]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.2172]
[MD5.D31398D4BB4907B517B6E784C2100C4A] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688] [PID.3040]
[MD5.6AE8E702D1027A9627DDE2B77BB9992B] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928] [PID.2880]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.2792]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3360]
[MD5.1584DEEAE5AA0E3FB045F3D0EAC585EA] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.3640]
[MD5.FC43877B4625F6EB773C98233EB625C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.2980]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\prefs.js
C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\user.js
M3 - MFPP: Plugins - [Jacques] -- C:\Users\Jacques\AppData\Roaming\Mozilla\Firefox\Profiles\fo0sk2n1.default\searchplugins\aide-de-firefox.xml
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com
R3 - URLSearchHook: Flip - Connect with Friends [64Bits] - {4DA729A4-684A-4034-A45B-6D56CEAAE92B} . (.Pas de propriétaire - Flip - Connect with friends.) (2.0.0.1) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15476
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: QFX Software KeyScrambler [64Bits] - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} . (.QFX Software Corporation - KeyScrambler Program DLL.) -- C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Flipora [64Bits] - {63E60077-EDE9-427a-BAD0-2ED15FADA0A8} . (.Pas de propriétaire - Flip - Connect with friends.) -- C:\Program Files (x86)\Discovery Tools\ietb.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\Run: [PasteCopy.NET] . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [PasteCopy.NET] . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-4009439382-4184187174-2618772190-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd
O4 - GS\TaskBar: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: TuneUp Utilities - Startoberfläche.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfläche.) -- C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - GS\TaskBar: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\QuickLaunch: PasteCopy.NET.lnk . (.SundryTools - PasteCopy.NET.) -- C:\Program Files (x86)\PasteCopy.NET\PasteCopy.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Notepad.lnk . (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\system32\notepad.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Billard 3 bandes - Raccourci.lnk . (...) -- C:\Users\Jacques\Downloads\Billard 3 bandes
O4 - GS\Desktop: Favoris - Raccourci.lnk . (...) -- C:\Users\Jacques\Favorites
O4 - Global Startup: C:\Users\Jacques\Desktop\Forum de Billard Français Carambole - Kozoom.url . (...) -- C:\Users\Jacques\Desktop\Forum de Billard Français Carambole - Kozoom.url
O4 - Global Startup: C:\Users\Jacques\Desktop\Forum Sécurité.url . (...) -- C:\Users\Jacques\Desktop\Forum Sécurité.url
O4 - Global Startup: C:\Users\Jacques\Desktop\Loterie.url . (...) -- C:\Users\Jacques\Desktop\Loterie.url
O4 - Global Startup: C:\Users\Jacques\Desktop\MEDIONshop Belgique Tablette.url . (...) -- C:\Users\Jacques\Desktop\MEDIONshop Belgique Tablette.url
O4 - GS\Desktop: Mes documents Favoris.lnk . (...) -- C:\Users\Jacques\Documents
O4 - Global Startup: C:\Users\Jacques\Desktop\TELECHARGEMENT - Stage de billard.url . (...) -- C:\Users\Jacques\Desktop\TELECHARGEMENT - Stage de billard.url
O4 - GS\Programs: TéléchargementProgrammes.lnk . (...) -- C:\Users\Jacques\Downloads
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: eBay.be [64Bits] - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} . (...) -- C:\Program Files\Internet Explorer\Custom\eBay.ico
O9 - Extra button: &KeyScrambler Options [64Bits] - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3ADA3DC0-BE34-4B18-871D-8FE08990555F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 14 Legitimates Filtered in 00mn 02s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{08C61B01-601B-440F-ADA3-E2341D522A53}] (...) -- C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DFD2E7BB-2B63-44C6-AE47-23D39327D525}] (...) -- J:\backup1\easycleaner_easycleaner_2.0.6.381_francais_11170.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Infoaxe]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\Markement]
[HKCU\Software\infoaxe]
[HKLM\Software\Wow6432Node\ImInstaller]
[HKLM\Software\Wow6432Node\Markement]
~ Key Software: 175 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 6/01/2013 - 12:47:57 - [22,288] ----D C:\Program Files (x86)\MARKEMENT
O43 - CFD: 14/08/2013 - 17:17:14 - [0,047] ----D C:\Program Files (x86)\SearchSettings =>Adware.SearchSettings
O43 - CFD: 30/06/2013 - 18:37:57 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/06/2013 - 18:37:27 - [0,012] ----D C:\ProgramData\IncrediMail
O43 - CFD: 1/08/2013 - 15:45:02 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 23/02/2013 - 12:34:14 - [0] -SH-D C:\Users\Jacques\AppData\Roaming\4C3CC0
O43 - CFD: 1/06/2013 - 23:34:19 - [1,397] ----D C:\Users\Jacques\AppData\Roaming\torrent
O43 - CFD: 30/06/2013 - 18:52:45 - [19,691] ----D C:\Users\Jacques\AppData\Local\IM
~ 187 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 403 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.888DFE4137F626CEA9CCE3BD47941B64] - 7/01/2013 - 10:39:28 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\System32\Drivers\a38usb.sys [44672]
O58 - SDL:[MD5.E74DC2F3F9675A6025A4AA020EDD4341] - 29/11/2010 - 16:42:18 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] infoaxe_google [DefaultScope] - (Web Search) - http://static.flipora.com
O69 - SBI: SearchScopes [HKCU] {4728F0CD-1C31-4217-AFF0-0781341BD48B} - (Chercher avec Pagesdor.be (Visual Search)) - http://truvo.reference.be
O69 - SBI: SearchScopes [HKCU] {61E182E1-86E0-4904-933B-6306CB6733DC} - (Google) - http://www.google.be
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6F842865-D360-489B-95D3-3806845E9B54} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {819C7C8F-2D60-49BB-9953-F71174A55B3D} - (PC Astuces) - http://www.pcastuces.com
O69 - SBI: SearchScopes [HKCU] {A282D6AC-DE61-4CF9-80A1-65BA9343F5B9} - (eBay Belgique / Belgium) - http://rover.ebay.com
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - http://isearch.glarysoft.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7B0C2FBC82CFD78C90B7279F623F0495] [SPRF][14/12/2010] (.Microsoft Corp - Microsoft Support Diagnostic Tool Control.) -- C:\Windows\Downloaded Program Files\MSDcode.dll [562512]
~ Files: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{72480F3B-61C8-460D-A849-8612A16B3CC7}C:\program files (x86)\libreoffice 4\program\soffice.bin" | In - Private - P6 - TRUE | .(.The Document Foundation.) -- C:\program files (x86)\libreoffice 4\program\soffice.bin
O87 - FAEL: "UDP Query User{0C2E9594-53DB-4B9A-8105-1B52AF2224A2}C:\program files (x86)\libreoffice 4\program\soffice.bin" | In - Private - P17 - TRUE | .(.The Document Foundation.) -- C:\program files (x86)\libreoffice 4\program\soffice.bin
~ Firewall: 199 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.19DC7F8A3078711805394592A9F16BF1] [WIS][30/06/2013] (.Nom de votre société - Photo Notifier and Animation Creator.) -- C:\Windows\Installer\11b9991.msi [2850816]
[MD5.E84D017EB84A28C639FFE51393D6AB12] [WIS][5/08/2013] (.Google Inc. - Indique au fichier Javascript Google Analytics (ga.js) de ne pa.) -- C:\Windows\Installer\13913fd.msi [118272]
[MD5.F473FF0EEF338C723E46EF6021A775DD] [WIS][6/08/2013] (.The Document Foundation - LibreOffice 4.1.) -- C:\Windows\Installer\1b55221.msi [7446528]
[MD5.0D98A559FE40FAC70EEBC1F3C93FA74C] [WIS][6/08/2013] (.The Document Foundation - LibreOffice 4.1.) -- C:\Windows\Installer\1b55226.msi [214945792]
[MD5.C93102D26CC671373241FD363AC7B924] [WIS][10/06/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\6b6489.msi [20627456]
[MD5.DAC8C46C8E5A5C76E77EC3D80D1AD792] [WIS][8/09/2011] (.Kaspersky Lab - Kaspersky Internet Security 2012.) -- C:\Windows\Installer\kavkis.msi [12348416]
~ WIS: 250 Legitimates Filtered in 00mn 14s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 1/07/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 1/07/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 13/04/2011 70952 | (CyberLink PowerDVD 10 MS Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
SR - | Auto 13/04/2011 312616 | (CyberLink PowerDVD 10 MS Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
SS - | Auto 6/01/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 6/01/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 2/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/03/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 7/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 31/01/2013 2402080 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
SR - | Auto 11/03/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s
---\\ Scan Additionnel (O88)
Database Version : v2.12855 - (15/08/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
C:\Program Files (x86)\SearchSettings =>Adware.SearchSettings^
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\Jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
~ Additionnel Scan: 246641 Items scanned in 00mn 12s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ MSI: 3 link(s) detected in 00mn 12s
~ 1451 Legitimates filtered by white list
End of the scan (450 lines in 00mn 47s)(0)