toubda
Participant
Number of posts: 8

new report
I still receive emails
Ceci est un message automatique genere par le serveur mwinf5d17.orange.fr.
Merci de ne pas y repondre.
This is the mail system at host mwinf5d17.orange.fr.
The mail system
: delivery to host netscape.net[205.188.103.2] timed out

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20130917_y15c6h10i6n15

~ Rapport de ZHPDiag v2013.9.17.31 – Nicolas Coolman (17/09/2013)
~ Lancé par david (17/09/2013 22:08:09)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16688
GCIE: Google Chrome v29.0.1547.66 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Edition : Windows(R) Operating System, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : H8MQ7
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Ad Blocker v1.0.0.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ Logiciels d'optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader XI
Java 7 Update 40

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7884 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 166 GB (71%) free of 233 GB

—\ Mode de connexion au système
~ Computer Name: PC-DAVID
~ User Name: david
~ All Users Names: Sylvia, HomeGroupUser$, david, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppData% : C:\Users\david\AppData\Roaming
~ %Desktop% : C:\Users\david\Desktop
~ %Favorites% : C:\Users\david\Favorites
~ %LocalAppData% : C:\Users\david\AppData\Local
~ %StartMenu% : C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 166 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 343 Go of 373 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 3 Go)
G: Hard drive, Flash drive, Thumb drive (Free 274 Go of 298 Go)
H: Hard drive, Flash drive, Thumb drive (Free 334 Go of 443 Go)
I: Hard drive, Flash drive, Thumb drive (Free 259 Go of 932 Go)
J: Hard drive, Flash drive, Thumb drive (Free 183 Go of 488 Go)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 34 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:\Windows\System32\Wininit.exe [132608]
[MD5.6DBE239FF1C9650A794C974B8C7913D7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.21/08/2013 – 05:12:06.) — C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.06/11/2012 – 04:53:44.) — C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02/02/2013 – 11:54:54.) — C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2362
~ Mes musiques (My Musics) : 1/2485
~ Mes Videos (My Videos) : 1/56
~ Mes Favoris (My Favorites) : 1/33
~ Mes Documents (My Documents) : 2/1881
~ Mon Bureau (My Desktop) : 1/3
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.01B64830DE6341004AC00EB8CC302DA0] – (.Acronis – Acronis Scheduler Helper.) — C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403816] [PID.2920]
[MD5.69764A6475A4C54732E6A07CE6EF8BE2] – (.Microsoft Corporation – Microsoft LifeCam Device Application.) — C:\Windows\vVX3000.exe [762736] [PID.5068]
[MD5.D5543E09953C8A8B12801A3A7AFEE155] – (.Apple Inc. – iCloud.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.5220]
[MD5.CC37819A9C45FDF9E0577D71D8044319] – (.Apple Inc. – ApplePhotoStreams.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.5284]
[MD5.61E4289E91E88C90478D7F4BEB10DCF7] – (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720] [PID.5376]
[MD5.A1993250DD28B823D0B2477CFE9B331F] – (.Apple Inc. – BookmarkDAV_client.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720] [PID.5384]
[MD5.C48ACB5EC85FABB168BA37B867116776] – (.Pas de propriétaire – MFManager.) — C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe [69120] [PID.5664]
[MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5412]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.5856]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.5828]
[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.6524]
[MD5.E4CC9B9536C130DD6324B7B9B0F19C6F] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7967744] [PID.4424]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [adkabecbfdkkkemgjlccffplidobgebn] Bons Plans v.0.2 (Activé)
G2 – GCE: Preference [User Data\Default] [ajnmfkilicomdippcehaldlonfldmlfi] House Plans v.2.2 (Activé)
G2 – GCE: Preference [User Data\Default] [cfiebajnnakcjkedcfamhdfgckcbnhke] PagesJaunes v.2.0 (Activé)
G2 – GCE: Preference [User Data\Default] [chmachfiimeggafocgeldapnchdnoiib] Striker Manager v.5 (Activé)
G2 – GCE: Preference [User Data\Default] [cnglhdfndkfkpiddcmfioekcjkmojhbj] Findizer Shopping via vos-demarches.com v.0.16, (Activé)
G2 – GCE: Preference [User Data\Default] [edmenbbkdinanecgnpphpfdbdlnfobnb] Télévision v.1.0.0 (Activé)
G2 – GCE: Preference [User Data\Default] [eegpopcingfghbompjfejakfeaolmbop] Mahjongg v.1.0.0.2 (Activé)
G2 – GCE: Preference [User Data\Default] [ekckfmbgohljpbplohgkeoepmieffaef] Applications iPhone gratuites et moins chères v.2.0 (Activé)
G2 – GCE: Preference [User Data\Default] [epanfjkfahimkgomnigadpkobaefekcd] DoNotTrackMe v.2.2.9.815 (Activé)
G2 – GCE: Preference [User Data\Default] [fjkkongamjdfggeifeicejegagbhhjlf] Cinémur v.2.1 (Activé)
G2 – GCE: Preference [User Data\Default] [hhnjdplhmcnkiecampfdgfjilccfpfoe] Enregistrement de mes désactivations v.1.0.15 (Activé)
G2 – GCE: Preference [User Data\Default] [hjhfaknohpjconjoefidanhihokmkice] Marvel Comics v.1.0.0.0 (Activé)
G2 – GCE: Preference [User Data\Default] [imjhdahelgojehmfmkmdfjcpfbglbfmj] 60 Minutes v.0.60 (Activé)
G2 – GCE: Preference [User Data\Default] [lopjcmmefbnfmhpeddjcencjfioejlfb] Zone bourse v.1.0.0.4 (Activé)
G2 – GCE: Preference [User Data\Default] [lpjiedkmklkkiekefddjkekdngpdgnbd] L'équipe v.1.4.3 (Activé)
G2 – GCE: Preference [User Data\Default] [nielaigelomefgdoljcpfgbdbfefhdjc] Amazon Windowshop v.1.1.0.0 (Activé)
G2 – GCE: Preference [User Data\Default] [pfmopbbadnfoelckkcmjjeaaegjpjjbk] GoPhoto.it v.1.6, (Désactivé) =>Spyware.GophotoIt
~ Google Browser: 52 Legitimates Filtered in 00mn 06s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GS\Desktop [Public]: WBFS Manager 4.0.lnk . (…) — C:\Windows\Installer\{825E9A84-1E03-4526-9F8E-45015C938A7C}\_487BD6FE9B27D3A38E7997.exe
O4 – GS\Program [Public]: Desktop.lnk – Clé orpheline
O4 – GS\Desktop [david]: HDPlayer.lnk . (…) — C:\Program Files (x86)\HDPlayer\HDPlayer.exe (.not file.)
O4 – GS\Desktop [david]: WiiBackup Manager.lnk . (…) — J:\Dossier Jeux DS_Wii\WiiBackup Manager\WiiBackupManager_Win64.exe
~ Global Startup: 39 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Public]: ImageBrowser EX Agent.lnk . (…) — C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 – HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. – Logitech Download Assistant.) — C:\Windows\System32\LogiLDA.dll
O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:\Windows\system32\igfxpers.exe
O4 – HKLM\..\Run: [VX3000] . (.Microsoft Corporation – Microsoft LifeCam Device Application.) — C:\Windows\vVX3000.exe
O4 – HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 – HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis – Acronis Scheduler Helper.) — C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 – HKCU\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 – HKCU\..\Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 – HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. – ApplePhotoStreams.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 – HKCU\..\Run: [com.apple.dav.bookmarks.daemon] . (.Apple Inc. – BookmarkDAV_client.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 – HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 – HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 – HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 – HKUS\S-1-5-21-3962733790-4023239181-3022731195-1001\..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 – HKUS\S-1-5-21-3962733790-4023239181-3022731195-1001\..\Run: [iCloudServices] . (.Apple Inc. – iCloud.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 – HKUS\S-1-5-21-3962733790-4023239181-3022731195-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. – ApplePhotoStreams.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 – HKUS\S-1-5-21-3962733790-4023239181-3022731195-1001\..\Run: [com.apple.dav.bookmarks.daemon] . (.Apple Inc. – BookmarkDAV_client.exe.) — C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{AE21C186-3F14-4898-85C2-25A216E8CD72}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{AE21C186-3F14-4898-85C2-25A216E8CD72}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\3]
~ Key Software: 151 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 17/09/2013 – 21:17:13 – [2,877] —-D C:\Program Files (x86)\FreeHDSport.TV =>Hijacker.FreehdsportTV
O43 – CFD: 17/09/2013 – 22:07:03 – [0] —-D C:\Program Files (x86)\HDPlayer
O43 – CFD: 05/04/2013 – 23:01:47 – [1,703] —-D C:\Users\david\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 – CFD: 17/09/2013 – 21:17:11 – [0,002] —-D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDPlayer
~ Program Folder: 148 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.FCF580666155E035D356D0589D5F0E83] – 16/09/2013 – 19:43:19 —A- . (…) — C:\UsbFix [Clean 1] PC-DAVID.txt [17926]
O44 – LFC:[MD5.2CE63B3A60C54BF7421B090429C286B0] – 13/09/2013 – 17:09:16 —A- . (…) — C:\Windows\SysNative\ApnDatabase.xml [387583]
O44 – LFC:[MD5.2CE63B3A60C54BF7421B090429C286B0] – 13/09/2013 – 17:09:16 RSHAD . (…) — C:\Windows\System32\ApnDatabase.xml [387583]
~ Files: 158 Legitimates Filtered in 00mn 02s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM\...\Policies\System] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM\...\Policies\System] – “EnableLinkedConnections”=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] – 30/08/2013 – 08:48:10 . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 – SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 02/04/2009 – 13:30:14 —A- . (…) — C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (@ieframe.dll,-12512) – http://search.live.com
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKUS\.DEFAULT] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} – (DnsBasic) – http://www.dnsbasic.com =>PUP.Zwangi
O69 – SBI: SearchScopes [HKUS\S-1-5-18] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} – (DnsBasic) – http://www.dnsbasic.com =>PUP.Zwangi
~ Keys: Scanned in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.004B342C4ED21D45A95EC1A4BD43C890] [WIS][16/03/2013] (.Driver Manager – Driver Manager.) — C:\Windows\Installer\2af8513.msi [6012416]
~ WIS: 72 Legitimates Filtered in 00mn 01s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 23/08/2012 1127392 | (AcrSch2Svc) . (.Acronis.) – C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SR – | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 17/03/2013 3717112 | (afcdpsrv) . (.Acronis.) – C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\afwServ.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SS – | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) – C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS – | Auto 15/03/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 15/03/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS – | Demand 06/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) – C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR – | Auto 18/08/2012 7026408 | (syncagentsrv) . (.Acronis.) – C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SS – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS – | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s

—\ Scan Additionnel (O88)
Database Version : 12920 – (17/09/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt^
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt
C:\Program Files (x86)\FreeHDSport.TV =>Hijacker.FreehdsportTV ^
C:\Program Files (x86)\Gophoto.it =>Spyware.GophotoIt
C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk =>Spyware.GophotoIt
~ Additionnel Scan: 232529 Items scanned in 00mn 10s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27793524-spyware-gophotoit =>Spyware.GophotoIt
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/30583270-hijacker-freehdsporttv =>Hijacker.FreeHDSportTV
~ http://nicolascoolman.webs.com/apps/blog/show/28363807-pup-zwangi =>PUP.Zwangi
~ MSI: 4 link(s) detected in 00mn 10s

~ 1021 Legitimates filtered by white list
End of the scan (379 lines in 00mn 39s)(0)