- jeu. 26 sept. 2013 07:24
#8842
~ Rapport de ZHPDiag v2013.9.24.46 - Nicolas Coolman (24/09/2013)
~ Lancé par Patrick (26/09/2013 07:08:02)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v29.0.1547.76
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.0.0.1
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.10
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : RMQMR
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Internet Security v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
µTorrent v3.3.0.29333 =>P2P.µTorrent
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 40
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8123 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (23%) free of 168 GB
---\\ Mode de connexion au système
~ Computer Name: PATRICK-PC
~ User Name: Patrick
~ All Users Names: Patrick, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Patrick\AppData\Roaming\
~ %Desktop% : C:\Users\Patrick\Desktop\
~ %Favorites% : C:\Users\Patrick\Favorites\
~ %LocalAppData% : C:\Users\Patrick\AppData\Local\
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 39 Go of 168 Go)
D: Hard drive, Flash drive, Thumb drive (Free 255 Go of 466 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 328 Go of 932 Go)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
S: Hard drive, Flash drive, Thumb drive (Free 235 Go of 1863 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/43898
~ Mes musiques (My Musics) : 67/2376
~ Mes Videos (My Videos) : 2/36
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/1961
~ Mon Bureau (My Desktop) : 0/193
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 27s
---\\ Processus lancés
[MD5.2DC64A3446C8C6E020E781456B46573D] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [PID.3984]
[MD5.D875E6FFE3A6FB08EB9E59D72EC230D3] - (...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe [74240] [PID.3916]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.3100]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.2280]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3760]
[MD5.FDF0BF19E9360E437B02323B9FF81B18] - (.Pas de propriétaire - SpyderUtility 1.2.3.) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [8241767] [PID.3604]
[MD5.A86097EE61A9945970BFA5A74A157352] - (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe [142848] [PID.4348]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.4588]
[MD5.2ABFC3BC2EBA7E6E446ABE55B67DBCC2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8012288] [PID.3248]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.912]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1452]
[MD5.68E3356BC848124F56BDAC3C70C2E54B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe [137960] [PID.1684]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1992]
[MD5.07AF7870ABF051EBBAE8A8A92FF34ABE] - (.Seagate Technology LLC - Sync Windows Services.) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544] [PID.504]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.1500]
[MD5.71C6A95A5F0CCC87298C4DD0F2C3635A] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1060]
[MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [66560] [PID.2084]
[MD5.0407143F2BBC1A5DD5B518AC0704FCBF] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92632] [PID.2316]
[MD5.C245E08EC469A52A622EFDC9787A0DCC] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 10.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624] [PID.3584]
[MD5.73A1F958FCAC3438046DBB829DC92FE6] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.3188]
[MD5.F51C224B79D338BDE125FD8035D2418B] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.5232]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 13 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\fqvycs8f.default\prefs.js
M2 - MFEP: prefs.js [Patrick - fqvycs8f.default\2020Player_IKEA@2020Technologies.com] [] Visualisateur 3D de 20-20 v5.0.94.0 (..)
M2 - MFEP: prefs.js [Patrick - fqvycs8f.default\keefox@chris.tomlinson] [] KeeFox v1.2.3 (..)
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Bamboo Dock.lnk . (...) -- C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
O4 - GS\Desktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. - Easy Guide Viewer.) -- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
O4 - GS\Desktop [Public]: DeNoise QuickStart.pdf.lnk . (...) -- C:\Windows\Installer\{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}\_BE1D357FFF8FF6096DCACD.exe
O4 - GS\Desktop [Public]: DeNoise UsersGuide.pdf.lnk . (...) -- C:\Windows\Installer\{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}\_8404151857E2A9CAEE5696.exe
O4 - GS\Desktop [Public]: Detail QuickStart.pdf.lnk . (...) -- C:\Windows\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_8DF156B6024A411E633782.exe
O4 - GS\Desktop [Public]: Detail UsersGuide.pdf.lnk . (...) -- C:\Windows\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_60B6A752AD1AB9EB471741.exe
O4 - GS\Desktop [Public]: EIZO EasyPIX.lnk . (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe
O4 - GS\Desktop [Public]: Elephorm.lnk . (...) -- C:\Program Files (x86)\Elephorm applications\Elephorm\Elephorm.exe
O4 - GS\Desktop [Public]: Lightroom 5.2 RC 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.2 RC\lightroom.exe (.not file.)
O4 - GS\Desktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
O4 - GS\Desktop [Public]: Photo d'identité.lnk . (.Emjysoft - Pas de description.) -- C:\Program Files (x86)\Emjysoft\Photo\photo.exe
O4 - GS\Desktop [Public]: PicturesToExe 7.0.lnk . (...) -- C:\Program Files (x86)\WnSoft PicturesToexe\7.0\Main\PicturesToexe.exe
O4 - GS\Desktop [Public]: Seagate Manager.lnk . (.Seagate Technology LLC - Seagate Manager.) -- C:\Program Files (x86)\Seagate\SeagateManager\ManagerApp\stxmanager.exe
O4 - GS\Desktop [Public]: Wise PC Engineer.lnk . (.WiseCleaner.com - Wise PC Engineer - Taking care of your PC E.) -- C:\Program Files (x86)\Wise PC Engineer\WisePCEngineer.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Elephorm.lnk . (...) -- C:\Program Files (x86)\Elephorm applications\Elephorm\Elephorm.exe
O4 - GS\Program [Public]: KeePass 2.lnk . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - GS\Program [Public]: KeePass.lnk . (...) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (.not file.)
O4 - GS\TaskBar [Patrick]: Lightroom 5.2 RC 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.2 RC\lightroom.exe (.not file.)
O4 - GS\Program [Patrick]: Lecteur VTC.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\VTC Content\Lecteur-VTC.exe
O4 - GS\SendTo [Patrick]: Réduire les photographies....lnk . (...) -- C:\Program Files (x86)\Emjysoft\Photo Réducteur\photo.exe (.not file.)
O4 - GS\Desktop [Patrick]: Bibliothèques - Raccourci.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\Desktop [Patrick]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - GS\Desktop [Patrick]: ImageMagick Display.lnk . (...) -- C:\Program Files (x86)\ImageMagick-6.7.9-Q16\imdisplay.exe (.not file.)
O4 - GS\Desktop [Patrick]: KeePass 2.lnk . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - GS\Desktop [Patrick]: Lecteur VTC.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\VTC Content\Lecteur-VTC.exe
O4 - GS\Desktop [Patrick]: Photomatix Pro 3.lnk . (.HDRsoft - Photomatix Pro.) -- C:\Program Files (x86)\PhotomatixPro3\PhotomatixPro.exe
O4 - GS\Desktop [Patrick]: SosVirus Forum.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net =>Hijacker.Agent
O4 - GS\Desktop [Patrick]: Spyder4Pro 4.5.4.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe
O4 - GS\Desktop [Patrick]: TreeSize Free.lnk . (.JAM Software - TreeSize Free hard disk space manager.) -- C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
O4 - GS\Desktop [Patrick]: Tutoriel photoshop cs5 detourage dun personnage et de ces cheveux.lnk . (...) -- D:\applic compressées\photos\tutoriel\Tutoriel photoshop cs5 detourage dun personnage et de ces cheveux.mp4
O4 - GS\Desktop [Patrick]: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - GS\Desktop [Patrick]: vidéo juke-box.lnk - Clé orpheline
O4 - GS\Desktop [Administrateur]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Administrateur]: PicturesToExe.lnk . (...) -- C:\Program Files (x86)\PicturesToexe\apr.exe (.not file.)
O4 - GS\Desktop [Administrateur]: Spyder4Pro 4.5.4.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe
O4 - GS\Desktop [Administrateur]: wlmail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
~ Global Startup: 155 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: SpyderUtility.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O4 - GS\Startup [Patrick]: EIZO EasyPIX.lnk . (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyPIXCore] . (...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [KeePass 2 PreLoad] . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CS1\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CS2\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tàches planifiées en automatique (O39)
[MD5.29B81898034EF7692A242E49310E0411] [APT] [Trigger KMS Activation] (...) -- C:\Program Files\KMSnano\TriggerKMS.exe [54784]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: KMSnano 24 - (...) [HKLM][64Bits] -- KMSnano 24_is1
O42 - Logiciel: Spyder4Pro - (...) [HKLM][64Bits] -- Spyder4Pro
~ Logic: 157 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Black]
[HKCU\Software\Filesystems]
[HKCU\Software\Flags]
[HKCU\Software\Flowers]
[HKCU\Software\Logic Développement Claude Ingrain]
[HKCU\Software\RMFJudgingSystems100]
[HKLM\Software\Chorus]
[HKLM\Software\Wow6432Node\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Wow6432Node\Fruit]
~ Key Software: 310 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/09/2011 - 14:59:38 - [2,296] ----D C:\Program Files (x86)\EIZO
O43 - CFD: 23/03/2010 - 21:13:15 - [0,000] ----D C:\ProgramData\Applause and Laugher
O43 - CFD: 18/01/2013 - 10:26:28 - [0] ----D C:\ProgramData\boost_interprocess_Patrick
O43 - CFD: 30/09/2011 - 09:45:49 - [0] ----D C:\ProgramData\EIZO
O43 - CFD: 05/03/2012 - 23:06:23 - [0,000] ----D C:\ProgramData\Limiter
O43 - CFD: 05/03/2012 - 23:05:31 - [0,000] ----D C:\ProgramData\MIDI Patch Names
O43 - CFD: 10/02/2011 - 19:21:07 - [0,002] ----D C:\ProgramData\PhotoLogic_2011
O43 - CFD: 21/01/2013 - 15:59:29 - [0,001] ----D C:\ProgramData\PhotoLogic_2013
O43 - CFD: 15/08/2013 - 08:29:34 - [0] ----D C:\Users\Patrick\AppData\Roaming\com.eizo.EasyPIX
O43 - CFD: 30/09/2011 - 09:45:49 - [0,006] ----D C:\Users\Patrick\AppData\Roaming\EIZO
O43 - CFD: 27/04/2012 - 20:23:47 - [0] ----D C:\Users\Patrick\AppData\Roaming\vtcmovies
O43 - CFD: 23/12/2012 - 08:34:06 - [0,123] ----D C:\Users\Patrick\AppData\Roaming\vtc_demo_setup
O43 - CFD: 30/04/2012 - 12:43:56 - [0] ----D C:\Users\Patrick\AppData\Roaming\vtc_language
O43 - CFD: 03/12/2011 - 09:04:22 - [0] ----D C:\Users\Patrick\AppData\Local\7MPL
O43 - CFD: 30/09/2011 - 09:45:49 - [0] ----D C:\Users\Patrick\AppData\Local\EIZO
O43 - CFD: 30/04/2011 - 13:46:43 - [0,000] ----D C:\Users\Patrick\AppData\Local\_NkvMail@
O43 - CFD: 15/11/2010 - 13:54:45 - [0,000] ----D C:\Users\Patrick\AppData\Local\_NkvPrint@
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 314 Legitimates Filtered in 00mn 04s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.546A767DDE54AA3CD9069C4153FF41B6] - 25/09/2013 - 07:14:10 ---A- . (...) -- C:\Windows\DirectX.log [764]
O44 - LFC:[MD5.D76F03D887233EE847D2D2D4D8E70AE3] - 23/09/2013 - 12:11:19 ---A- . (...) -- C:\DelFix.txt [1671]
~ Files: 154 Legitimates Filtered in 00mn 02s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{523b417a-3964-11df-bd6d-6cf049080b2c}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{d5cf00ef-26b5-11e0-81dd-6cf049080b2c}\AutoRun\command. (...) -- I:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 01mn 31s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BambooCore [Key] . (.Pas de propriétaire - BambooDock back-end application.) -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.518B8D447A1975AB46DA093A2E743256] - 09/01/2010 - 21:22:06 . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12368]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 23/09/2013 - 04:33:32 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar Cache\7.5.4209.2358\fr\translate_element.js.content [2377]
O61 - LFC: 23/09/2013 - 05:05:59 ---A- . (.PC9.) -- C:\Users\Patrick\Documents\appart Loigny\Regerat 2ème\CONTRAT LOCATION studio 2ème étage Loigny Mr Regérat .doc [89600]
O61 - LFC: 23/09/2013 - 05:27:04 ---A- . (...) -- C:\Users\Patrick\Documents\appart Loigny\jacquet 2ème\EtatDesLieux.xlsx [21634]
O61 - LFC: 23/09/2013 - 05:27:07 ---A- . (...) -- C:\Users\Patrick\Documents\appart Loigny\Regerat 2ème\EtatDesLieux départ mlleJacquet.xlsx [21675]
O61 - LFC: 23/09/2013 - 09:58:51 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260138]
O61 - LFC: 23/09/2013 - 10:17:51 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Local State [53214]
O61 - LFC: 23/09/2013 - 12:35:52 ---A- . (...) -- C:\Users\Patrick\Documents\Pc Patrick\Recherche de virus.docx [58700]
O61 - LFC: 23/09/2013 - 12:36:31 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar\broker_metrics.xml [8778]
O61 - LFC: 23/09/2013 - 15:09:14 ---A- . (...) -- C:\Users\Patrick\Documents\voiture\pneus polo.xlsx [9043]
O61 - LFC: 23/09/2013 - 16:28:33 ---A- . (...) -- C:\Users\Patrick\Links\SkyDrive.lnk [617]
O61 - LFC: 23/09/2013 - 18:37:45 ---A- . (...) -- C:\Users\Patrick\Documents\club photo gien\dde de subvention 2014\liste noms.xlsx [15533]
O61 - LFC: 23/09/2013 - 18:53:10 ---A- . (...) -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg [7617]
O61 - LFC: 24/09/2013 - 05:03:38 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 24/09/2013 - 05:09:03 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\ZHPDiag.txt [44489] =>.Nicolas Coolman
O61 - LFC: 24/09/2013 - 12:14:20 ---A- . (...) -- C:\Users\Patrick\Documents\budget échéance\échéance budget.xlsx [32381]
O61 - LFC: 24/09/2013 - 19:00:12 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]
O61 - LFC: 25/09/2013 - 07:08:35 ---A- . (...) -- C:\Users\Patrick\Documents\connexion web\répertoire.xlsx [12122]
O61 - LFC: 25/09/2013 - 07:30:08 ---A- . (...) -- C:\Users\Patrick\Documents\club photo gien\invitation GIEN PHOTO.docx [11315]
O61 - LFC: 25/09/2013 - 10:09:03 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\Overdrive [0]
O61 - LFC: 26/09/2013 - 05:43:50 ---A- . (...) -- C:\Users\Patrick\Documents\romain\0720414R0241380170612150.tsv [6251]
O61 - LFC: 26/09/2013 - 05:49:40 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Datacolor\SpyderUtility\Preferences.xml [521]
O61 - LFC: 26/09/2013 - 06:10:44 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\Log.txt [40795] =>.Nicolas Coolman
~ 19 Fichiers temporaires (Temporary files)
~ Files: 350 Legitimates Filtered in 01mn 50s
---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (MtxVxd) .(...) - LEGACY_MTXVXD
~ Legacy: 79 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {135589C2-E5EB-4c02-B8BD-F2762F96B8BB} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {414A5328-1F37-4c14-BA72-CE9DF4DD0FF3} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
D:\applic compressées\photos\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne Software Mask Pro 4.1.8\KEYGEN.EXE =>.Adobe Systems Incorporated
D:\applic compressées\photos\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne.PhotoTune.v3.0.2\redt\KeyGen.exe =>.Adobe Systems Incorporated
D:\applic compressées\photos\Nik_software_collection_complete\Silver Efex Pro\keygen.exe
D:\logiciel pc sully\Adobe\ligthroom 3.6\Adobe Photoshop Lightroom 4.0 final multilangues\keygen.exe
D:\logiciel pc sully\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne.PhotoTune.v3.0.2\redt\KeyGen.exe =>.Adobe Systems Incorporated
D:\logiciel pc sully\Nik_software_collection_complete\Silver Efex Pro\keygen.exe
~ Files: Scanned in 04mn 35s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DA604B10528FDE8494103A1114B2D7E3] [SPRF][27/04/2013] (...) -- C:\Users\Patrick\Desktop\Diaporama hand indice c.exe [510460862]
[MD5.B275BDB3E1718652EA30AFB3209BB975] [SPRF][23/09/2013] (...) -- C:\Users\Patrick\Desktop\FHSetup.exe [264757]
[MD5.B92DD16BA6BB1DBB4A2F99244722606C] [SPRF][05/06/2010] (...) -- C:\Users\Patrick\Desktop\PortraiturePlugin2308.exe [4058712]
[MD5.70643FD276A90A153CF482F47A79BD7A] [SPRF][10/01/2013] (...) -- C:\Users\Patrick\Desktop\winrar_winrar_4.2_64_bits_francais_9632 (1).exe [1736616]
~ Files: 6 Legitimates Filtered in 00mn 07s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{6D61A5CD-6AA0-43EF-845F-98769C3B0C53}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
O87 - FAEL: "{7C2D9206-D54A-4758-B7C9-D65B8B4637F2}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
~ Firewall: 209 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AC56BB3E3B308C49E326FCCA48B417E0] [WIS][04/06/2013] (.UNKNOWN - Elephorm.) -- C:\Windows\Installer\223f0a57.msi [24064]
~ WIS: 148 Legitimates Filtered in 00mn 21s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 01/09/2011 169624 | (AdobeActiveFileMonitor10.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SS - | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
SR - | Auto 01/05/2009 181544 | (FreeAgentGoNext Service) . (.Seagate Technology LLC.) - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
SS - | Auto 28/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 20/06/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 15/04/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 08/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 22/09/2011 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 08/09/2011 6583160 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 15/11/2010 5716848 | (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
SR - | Auto 28/08/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 08/09/2011 528760 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 15/04/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/12/2006 544768 | (UPnPService) . (.Magix AG.) - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 21s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Patrick at 26/09/2013 07:17:45
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Patrick at 26/09/2013 07:17:47
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12930 - (24/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
~ Additionnel Scan: 293372 Items scanned in 00mn 19s
---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ MSI: 1 link(s) detected in 00mn 19s
~ 1897 Legitimates filtered by white list
End of the scan (557 lines in 10mn 05s)(6)
~ Lancé par Patrick (26/09/2013 07:08:02)
~ Adresse du Site Web https://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v29.0.1547.76
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.0.0.1
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.10
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : RMQMR
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Internet Security v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>Piriform Ltd
---\\ Logiciels de partage PeerToPeer
µTorrent v3.3.0.29333 =>P2P.µTorrent
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 40
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8123 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (23%) free of 168 GB
---\\ Mode de connexion au système
~ Computer Name: PATRICK-PC
~ User Name: Patrick
~ All Users Names: Patrick, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Patrick\AppData\Roaming\
~ %Desktop% : C:\Users\Patrick\Desktop\
~ %Favorites% : C:\Users\Patrick\Favorites\
~ %LocalAppData% : C:\Users\Patrick\AppData\Local\
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 39 Go of 168 Go)
D: Hard drive, Flash drive, Thumb drive (Free 255 Go of 466 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 328 Go of 932 Go)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
S: Hard drive, Flash drive, Thumb drive (Free 235 Go of 1863 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 35 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d‚ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/43898
~ Mes musiques (My Musics) : 67/2376
~ Mes Videos (My Videos) : 2/36
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/1961
~ Mon Bureau (My Desktop) : 0/193
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 27s
---\\ Processus lancés
[MD5.2DC64A3446C8C6E020E781456B46573D] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [PID.3984]
[MD5.D875E6FFE3A6FB08EB9E59D72EC230D3] - (...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe [74240] [PID.3916]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.3100]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.2280]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3760]
[MD5.FDF0BF19E9360E437B02323B9FF81B18] - (.Pas de propriétaire - SpyderUtility 1.2.3.) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [8241767] [PID.3604]
[MD5.A86097EE61A9945970BFA5A74A157352] - (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe [142848] [PID.4348]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.4588]
[MD5.2ABFC3BC2EBA7E6E446ABE55B67DBCC2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8012288] [PID.3248]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.912]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1452]
[MD5.68E3356BC848124F56BDAC3C70C2E54B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe [137960] [PID.1684]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1992]
[MD5.07AF7870ABF051EBBAE8A8A92FF34ABE] - (.Seagate Technology LLC - Sync Windows Services.) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544] [PID.504]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.1500]
[MD5.71C6A95A5F0CCC87298C4DD0F2C3635A] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1060]
[MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [66560] [PID.2084]
[MD5.0407143F2BBC1A5DD5B518AC0704FCBF] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92632] [PID.2316]
[MD5.C245E08EC469A52A622EFDC9787A0DCC] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 10.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624] [PID.3584]
[MD5.73A1F958FCAC3438046DBB829DC92FE6] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.3188]
[MD5.F51C224B79D338BDE125FD8035D2418B] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.5232]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 13 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\fqvycs8f.default\prefs.js
M2 - MFEP: prefs.js [Patrick - fqvycs8f.default\2020Player_IKEA@2020Technologies.com] [] Visualisateur 3D de 20-20 v5.0.94.0 (..)
M2 - MFEP: prefs.js [Patrick - fqvycs8f.default\keefox@chris.tomlinson] [] KeeFox v1.2.3 (..)
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Bamboo Dock.lnk . (...) -- C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
O4 - GS\Desktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. - Easy Guide Viewer.) -- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
O4 - GS\Desktop [Public]: DeNoise QuickStart.pdf.lnk . (...) -- C:\Windows\Installer\{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}\_BE1D357FFF8FF6096DCACD.exe
O4 - GS\Desktop [Public]: DeNoise UsersGuide.pdf.lnk . (...) -- C:\Windows\Installer\{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}\_8404151857E2A9CAEE5696.exe
O4 - GS\Desktop [Public]: Detail QuickStart.pdf.lnk . (...) -- C:\Windows\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_8DF156B6024A411E633782.exe
O4 - GS\Desktop [Public]: Detail UsersGuide.pdf.lnk . (...) -- C:\Windows\Installer\{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}\_60B6A752AD1AB9EB471741.exe
O4 - GS\Desktop [Public]: EIZO EasyPIX.lnk . (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe
O4 - GS\Desktop [Public]: Elephorm.lnk . (...) -- C:\Program Files (x86)\Elephorm applications\Elephorm\Elephorm.exe
O4 - GS\Desktop [Public]: Lightroom 5.2 RC 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.2 RC\lightroom.exe (.not file.)
O4 - GS\Desktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
O4 - GS\Desktop [Public]: Photo d'identité.lnk . (.Emjysoft - Pas de description.) -- C:\Program Files (x86)\Emjysoft\Photo\photo.exe
O4 - GS\Desktop [Public]: PicturesToExe 7.0.lnk . (...) -- C:\Program Files (x86)\WnSoft PicturesToexe\7.0\Main\PicturesToexe.exe
O4 - GS\Desktop [Public]: Seagate Manager.lnk . (.Seagate Technology LLC - Seagate Manager.) -- C:\Program Files (x86)\Seagate\SeagateManager\ManagerApp\stxmanager.exe
O4 - GS\Desktop [Public]: Wise PC Engineer.lnk . (.WiseCleaner.com - Wise PC Engineer - Taking care of your PC E.) -- C:\Program Files (x86)\Wise PC Engineer\WisePCEngineer.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Elephorm.lnk . (...) -- C:\Program Files (x86)\Elephorm applications\Elephorm\Elephorm.exe
O4 - GS\Program [Public]: KeePass 2.lnk . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - GS\Program [Public]: KeePass.lnk . (...) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (.not file.)
O4 - GS\TaskBar [Patrick]: Lightroom 5.2 RC 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5.2 RC\lightroom.exe (.not file.)
O4 - GS\Program [Patrick]: Lecteur VTC.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\VTC Content\Lecteur-VTC.exe
O4 - GS\SendTo [Patrick]: Réduire les photographies....lnk . (...) -- C:\Program Files (x86)\Emjysoft\Photo Réducteur\photo.exe (.not file.)
O4 - GS\Desktop [Patrick]: Bibliothèques - Raccourci.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\Desktop [Patrick]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - GS\Desktop [Patrick]: ImageMagick Display.lnk . (...) -- C:\Program Files (x86)\ImageMagick-6.7.9-Q16\imdisplay.exe (.not file.)
O4 - GS\Desktop [Patrick]: KeePass 2.lnk . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - GS\Desktop [Patrick]: Lecteur VTC.lnk . (...) -- C:\Users\Patrick\AppData\Roaming\VTC Content\Lecteur-VTC.exe
O4 - GS\Desktop [Patrick]: Photomatix Pro 3.lnk . (.HDRsoft - Photomatix Pro.) -- C:\Program Files (x86)\PhotomatixPro3\PhotomatixPro.exe
O4 - GS\Desktop [Patrick]: SosVirus Forum.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net =>Hijacker.Agent
O4 - GS\Desktop [Patrick]: Spyder4Pro 4.5.4.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe
O4 - GS\Desktop [Patrick]: TreeSize Free.lnk . (.JAM Software - TreeSize Free hard disk space manager.) -- C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
O4 - GS\Desktop [Patrick]: Tutoriel photoshop cs5 detourage dun personnage et de ces cheveux.lnk . (...) -- D:\applic compressées\photos\tutoriel\Tutoriel photoshop cs5 detourage dun personnage et de ces cheveux.mp4
O4 - GS\Desktop [Patrick]: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - GS\Desktop [Patrick]: vidéo juke-box.lnk - Clé orpheline
O4 - GS\Desktop [Administrateur]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Administrateur]: PicturesToExe.lnk . (...) -- C:\Program Files (x86)\PicturesToexe\apr.exe (.not file.)
O4 - GS\Desktop [Administrateur]: Spyder4Pro 4.5.4.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Spyder4Pro.exe
O4 - GS\Desktop [Administrateur]: wlmail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation
~ Global Startup: 155 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: SpyderUtility.lnk . (...) -- C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O4 - GS\Startup [Patrick]: EIZO EasyPIX.lnk . (...) -- C:\Program Files (x86)\EIZO\EIZO EasyPIX\EIZO EasyPIX.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyPIXCore] . (...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [KeePass 2 PreLoad] . (.Dominik Reichl - KeePass.) -- C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3415070418-487983937-4007549341-1000\..\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CS1\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CS2\Services\Tcpip\..\{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tàches planifiées en automatique (O39)
[MD5.29B81898034EF7692A242E49310E0411] [APT] [Trigger KMS Activation] (...) -- C:\Program Files\KMSnano\TriggerKMS.exe [54784]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: KMSnano 24 - (...) [HKLM][64Bits] -- KMSnano 24_is1
O42 - Logiciel: Spyder4Pro - (...) [HKLM][64Bits] -- Spyder4Pro
~ Logic: 157 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Black]
[HKCU\Software\Filesystems]
[HKCU\Software\Flags]
[HKCU\Software\Flowers]
[HKCU\Software\Logic Développement Claude Ingrain]
[HKCU\Software\RMFJudgingSystems100]
[HKLM\Software\Chorus]
[HKLM\Software\Wow6432Node\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Wow6432Node\Fruit]
~ Key Software: 310 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/09/2011 - 14:59:38 - [2,296] ----D C:\Program Files (x86)\EIZO
O43 - CFD: 23/03/2010 - 21:13:15 - [0,000] ----D C:\ProgramData\Applause and Laugher
O43 - CFD: 18/01/2013 - 10:26:28 - [0] ----D C:\ProgramData\boost_interprocess_Patrick
O43 - CFD: 30/09/2011 - 09:45:49 - [0] ----D C:\ProgramData\EIZO
O43 - CFD: 05/03/2012 - 23:06:23 - [0,000] ----D C:\ProgramData\Limiter
O43 - CFD: 05/03/2012 - 23:05:31 - [0,000] ----D C:\ProgramData\MIDI Patch Names
O43 - CFD: 10/02/2011 - 19:21:07 - [0,002] ----D C:\ProgramData\PhotoLogic_2011
O43 - CFD: 21/01/2013 - 15:59:29 - [0,001] ----D C:\ProgramData\PhotoLogic_2013
O43 - CFD: 15/08/2013 - 08:29:34 - [0] ----D C:\Users\Patrick\AppData\Roaming\com.eizo.EasyPIX
O43 - CFD: 30/09/2011 - 09:45:49 - [0,006] ----D C:\Users\Patrick\AppData\Roaming\EIZO
O43 - CFD: 27/04/2012 - 20:23:47 - [0] ----D C:\Users\Patrick\AppData\Roaming\vtcmovies
O43 - CFD: 23/12/2012 - 08:34:06 - [0,123] ----D C:\Users\Patrick\AppData\Roaming\vtc_demo_setup
O43 - CFD: 30/04/2012 - 12:43:56 - [0] ----D C:\Users\Patrick\AppData\Roaming\vtc_language
O43 - CFD: 03/12/2011 - 09:04:22 - [0] ----D C:\Users\Patrick\AppData\Local\7MPL
O43 - CFD: 30/09/2011 - 09:45:49 - [0] ----D C:\Users\Patrick\AppData\Local\EIZO
O43 - CFD: 30/04/2011 - 13:46:43 - [0,000] ----D C:\Users\Patrick\AppData\Local\_NkvMail@
O43 - CFD: 15/11/2010 - 13:54:45 - [0,000] ----D C:\Users\Patrick\AppData\Local\_NkvPrint@
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 314 Legitimates Filtered in 00mn 04s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.546A767DDE54AA3CD9069C4153FF41B6] - 25/09/2013 - 07:14:10 ---A- . (...) -- C:\Windows\DirectX.log [764]
O44 - LFC:[MD5.D76F03D887233EE847D2D2D4D8E70AE3] - 23/09/2013 - 12:11:19 ---A- . (...) -- C:\DelFix.txt [1671]
~ Files: 154 Legitimates Filtered in 00mn 02s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{523b417a-3964-11df-bd6d-6cf049080b2c}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{d5cf00ef-26b5-11e0-81dd-6cf049080b2c}\AutoRun\command. (...) -- I:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 01mn 31s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BambooCore [Key] . (.Pas de propriétaire - BambooDock back-end application.) -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.518B8D447A1975AB46DA093A2E743256] - 09/01/2010 - 21:22:06 . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12368]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 23/09/2013 - 04:33:32 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar Cache\7.5.4209.2358\fr\translate_element.js.content [2377]
O61 - LFC: 23/09/2013 - 05:05:59 ---A- . (.PC9.) -- C:\Users\Patrick\Documents\appart Loigny\Regerat 2ème\CONTRAT LOCATION studio 2ème étage Loigny Mr Regérat .doc [89600]
O61 - LFC: 23/09/2013 - 05:27:04 ---A- . (...) -- C:\Users\Patrick\Documents\appart Loigny\jacquet 2ème\EtatDesLieux.xlsx [21634]
O61 - LFC: 23/09/2013 - 05:27:07 ---A- . (...) -- C:\Users\Patrick\Documents\appart Loigny\Regerat 2ème\EtatDesLieux départ mlleJacquet.xlsx [21675]
O61 - LFC: 23/09/2013 - 09:58:51 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260138]
O61 - LFC: 23/09/2013 - 10:17:51 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Local State [53214]
O61 - LFC: 23/09/2013 - 12:35:52 ---A- . (...) -- C:\Users\Patrick\Documents\Pc Patrick\Recherche de virus.docx [58700]
O61 - LFC: 23/09/2013 - 12:36:31 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Google\Toolbar\broker_metrics.xml [8778]
O61 - LFC: 23/09/2013 - 15:09:14 ---A- . (...) -- C:\Users\Patrick\Documents\voiture\pneus polo.xlsx [9043]
O61 - LFC: 23/09/2013 - 16:28:33 ---A- . (...) -- C:\Users\Patrick\Links\SkyDrive.lnk [617]
O61 - LFC: 23/09/2013 - 18:37:45 ---A- . (...) -- C:\Users\Patrick\Documents\club photo gien\dde de subvention 2014\liste noms.xlsx [15533]
O61 - LFC: 23/09/2013 - 18:53:10 ---A- . (...) -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg [7617]
O61 - LFC: 24/09/2013 - 05:03:38 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 24/09/2013 - 05:09:03 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\ZHPDiag.txt [44489] =>.Nicolas Coolman
O61 - LFC: 24/09/2013 - 12:14:20 ---A- . (...) -- C:\Users\Patrick\Documents\budget échéance\échéance budget.xlsx [32381]
O61 - LFC: 24/09/2013 - 19:00:12 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]
O61 - LFC: 25/09/2013 - 07:08:35 ---A- . (...) -- C:\Users\Patrick\Documents\connexion web\répertoire.xlsx [12122]
O61 - LFC: 25/09/2013 - 07:30:08 ---A- . (...) -- C:\Users\Patrick\Documents\club photo gien\invitation GIEN PHOTO.docx [11315]
O61 - LFC: 25/09/2013 - 10:09:03 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\Overdrive [0]
O61 - LFC: 26/09/2013 - 05:43:50 ---A- . (...) -- C:\Users\Patrick\Documents\romain\0720414R0241380170612150.tsv [6251]
O61 - LFC: 26/09/2013 - 05:49:40 ---A- . (...) -- C:\Users\Patrick\AppData\Local\Datacolor\SpyderUtility\Preferences.xml [521]
O61 - LFC: 26/09/2013 - 06:10:44 ---A- . (...) -- C:\Users\Patrick\AppData\Roaming\ZHP\Log.txt [40795] =>.Nicolas Coolman
~ 19 Fichiers temporaires (Temporary files)
~ Files: 350 Legitimates Filtered in 01mn 50s
---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (MtxVxd) .(...) - LEGACY_MTXVXD
~ Legacy: 79 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {135589C2-E5EB-4c02-B8BD-F2762F96B8BB} - (Bing) - https://www.bing.com
O69 - SBI: SearchScopes [HKCU] {414A5328-1F37-4c14-BA72-CE9DF4DD0FF3} - (Google) - https://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
D:\applic compressées\photos\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne Software Mask Pro 4.1.8\KEYGEN.EXE =>.Adobe Systems Incorporated
D:\applic compressées\photos\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne.PhotoTune.v3.0.2\redt\KeyGen.exe =>.Adobe Systems Incorporated
D:\applic compressées\photos\Nik_software_collection_complete\Silver Efex Pro\keygen.exe
D:\logiciel pc sully\Adobe\ligthroom 3.6\Adobe Photoshop Lightroom 4.0 final multilangues\keygen.exe
D:\logiciel pc sully\Adobe\Plug in Photoshop CS5\Plug-ins for Adobe Photoshop CS5\OnOne.PhotoTune.v3.0.2\redt\KeyGen.exe =>.Adobe Systems Incorporated
D:\logiciel pc sully\Nik_software_collection_complete\Silver Efex Pro\keygen.exe
~ Files: Scanned in 04mn 35s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DA604B10528FDE8494103A1114B2D7E3] [SPRF][27/04/2013] (...) -- C:\Users\Patrick\Desktop\Diaporama hand indice c.exe [510460862]
[MD5.B275BDB3E1718652EA30AFB3209BB975] [SPRF][23/09/2013] (...) -- C:\Users\Patrick\Desktop\FHSetup.exe [264757]
[MD5.B92DD16BA6BB1DBB4A2F99244722606C] [SPRF][05/06/2010] (...) -- C:\Users\Patrick\Desktop\PortraiturePlugin2308.exe [4058712]
[MD5.70643FD276A90A153CF482F47A79BD7A] [SPRF][10/01/2013] (...) -- C:\Users\Patrick\Desktop\winrar_winrar_4.2_64_bits_francais_9632 (1).exe [1736616]
~ Files: 6 Legitimates Filtered in 00mn 07s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{6D61A5CD-6AA0-43EF-845F-98769C3B0C53}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
O87 - FAEL: "{7C2D9206-D54A-4758-B7C9-D65B8B4637F2}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\EIZO\EIZO EasyPIX Core\ep_eacore.exe
~ Firewall: 209 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AC56BB3E3B308C49E326FCCA48B417E0] [WIS][04/06/2013] (.UNKNOWN - Elephorm.) -- C:\Windows\Installer\223f0a57.msi [24064]
~ WIS: 148 Legitimates Filtered in 00mn 21s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 01/09/2011 169624 | (AdobeActiveFileMonitor10.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\afwServ.exe
SS - | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
SR - | Auto 01/05/2009 181544 | (FreeAgentGoNext Service) . (.Seagate Technology LLC.) - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
SS - | Auto 28/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 20/06/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 15/04/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 08/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 22/09/2011 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 08/09/2011 6583160 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 15/11/2010 5716848 | (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
SR - | Auto 28/08/2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 08/09/2011 528760 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 15/04/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/12/2006 544768 | (UPnPService) . (.Magix AG.) - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 21s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Patrick at 26/09/2013 07:17:45
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, https://ad13.geekstog
Run by Patrick at 26/09/2013 07:17:47
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 12930 - (24/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
~ Additionnel Scan: 293372 Items scanned in 00mn 19s
---\\ Récapitulatif des détections trouvées sur votre station
~ https://nicolascoolman.webs.com/apps/blo ... bar-google =>Toolbar.Google
~ MSI: 1 link(s) detected in 00mn 19s
~ 1897 Legitimates filtered by white list
End of the scan (557 lines in 10mn 05s)(6)