Patrick
Participant
Number of posts: 82

[spoiler:1fprowi1]Rapport de ZHPDiag v2013.9.22.410 – Nicolas Coolman (22/09/2013)
~ Lancé par Patrick (23/09/2013 07:47:22)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v28.0.1500.72
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.0.0.1
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.10

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : RMQMR
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Internet Security v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ Logiciels d'optimisation du système
CCleaner v3.28 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer
µTorrent v3.3.0.29333 =>P2P.µTorrent

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 40

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8123 MB (68% free)
System Restore: Désactivé (Disabled)
System drive C: has 19 GB (11%) free of 168 GB

—\ Mode de connexion au système
~ Computer Name: PATRICK-PC
~ User Name: Patrick
~ All Users Names: Patrick, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppData% : C:\Users\Patrick\AppData\Roaming
~ %Desktop% : C:\Users\Patrick\Desktop
~ %Favorites% : C:\Users\Patrick\Favorites
~ %LocalAppData% : C:\Users\Patrick\AppData\Local
~ %StartMenu% : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 168 Go)
D: Hard drive, Flash drive, Thumb drive (Free 251 Go of 466 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 344 Go of 932 Go)
H: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
S: Hard drive, Flash drive, Thumb drive (Free 235 Go of 1863 Go)
V: Hard drive, Flash drive, Thumb drive (Free 52 Go of 932 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 35 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.10/08/2013 – 06:22:18.) — C:WindowsSystem32wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:24.) — C:Windowssystem32DriversAFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/44104
~ Mes musiques (My Musics) : 67/2376
~ Mes Videos (My Videos) : 2/38
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/4280
~ Mon Bureau (My Desktop) : 0/194
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 22s

—\ Processus lancés
[MD5.2DC64A3446C8C6E020E781456B46573D] – (.Microsoft Corporation – Tablet PC Input Panel Helper.) — C:Program Files (x86)Common FilesMicrosoft SharedInkTabTip32.exe [10240] [PID.3824]
[MD5.D875E6FFE3A6FB08EB9E59D72EC230D3] – (…) — C:Program FilesEIZOEIZO EasyPIX Coreep_eacore.exe [74240] [PID.3264]
[MD5.72334F906C2E2B002CDD2FF9022FD957] – (.PixArt Imaging Incorporation – Registry Monitor.) — C:WindowsPixArtPac207Monitor.exe [319488] [PID.3464]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ysWOW64rundll32.exe [0] [PID.3756]
[MD5.FDF0BF19E9360E437B02323B9FF81B18] – (.Pas de propriétaire – SpyderUtility 1.2.3.) — C:Program Files (x86)DatacolorSpyder4ProUtilitySpyderUtility.exe [8241767] [PID.3200]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [4858968] [PID.3216]
[MD5.A86097EE61A9945970BFA5A74A157352] – (…) — C:Program Files (x86)EIZOEIZO EasyPIXEIZO EasyPIX.exe [142848] [PID.3252]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] – (.CANON INC. – Canon Solution Menu EX.) — C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.exe [1612920] [PID.2536]
[MD5.358C81ADA09E0B6906DB82EA75B836D5] – (.NEC Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe [106496] [PID.4144]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.4408]
[MD5.8334E5088E74401490001EF65E07CAC5] – (.CANON INC. – Canon Solution Menu EX Updater.) — C:Program Files (x86)CanonSolution Menu EXCNSEUPDT.exe [593032] [PID.3268]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] – (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe [276376] [PID.4512]
[MD5.72EF708552059546B1AAA82E7AA59439] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:Program Files (x86)Mozilla Firefoxplugin-container.exe [17304] [PID.5328]
[MD5.18F20138A715E0677A24A0986BC9AEA2] – (.Adobe Systems, Inc. – Adobe Flash Player 11.8 r800.) — C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.2056]
[MD5.63DCE64797C64FB6110727B993440EA5] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8000512] [PID.5984]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] – (.NVIDIA Corporation – Stereo Vision Control Panel API Server.) — C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [382824] [PID.904]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [46808] [PID.1444]
[MD5.68E3356BC848124F56BDAC3C70C2E54B] – (.AVAST Software – avast! firewall service.) — C:Program FilesAlwil SoftwareAvast5afwServ.exe [137960] [PID.1692]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.2036]
[MD5.07AF7870ABF051EBBAE8A8A92FF34ABE] – (.Seagate Technology LLC – Sync Windows Services.) — C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe [181544] [PID.1220]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] – (.Pas de propriétaire – Inkjet Printer/Scanner/Fax Extended Survey.) — C:Program Files (x86)CanonIJPLMIJPLMSVC.exe [138192] [PID.1688]
[MD5.71C6A95A5F0CCC87298C4DD0F2C3635A] – (.Hewlett-Packard Company – LightScribe Service.) — C:Program Files (x86)Common FilesLightScribeLSSrvc.exe [73728] [PID.2072]
[MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] – (.Nalpeiron Ltd. – This service enables products that use the.) — C:WindowsSysWOW64nlssrv32.exe [66560] [PID.2148]
[MD5.0407143F2BBC1A5DD5B518AC0704FCBF] – (.TomTom – Windows Service for TomTom HOME.) — C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [92632] [PID.2364]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] – (.Google Inc. – Programme d'installation de Google.) — C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [135664] [PID.4072]
[MD5.C245E08EC469A52A622EFDC9787A0DCC] – (.Adobe Systems Incorporated – Adobe Photoshop Elements 10.0 (component).) — C:Program Files (x86)AdobeElements 10 OrganizerPhotoshopElementsFileAgent.exe [169624] [PID.3236]
[MD5.73A1F958FCAC3438046DBB829DC92FE6] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.2948]
[MD5.F51C224B79D338BDE125FD8035D2418B] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2533400] [PID.4856]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersPatrickAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [ookhcbgokankfmjafalglpofmolfopek] GoogleCalendar Checker (par Google) v.1.2.2 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 08s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersPatrickAppDataRoamingMozillaFirefoxProfilesfqvycs8f.defaultprefs.js
M2 – MFEP: prefs.js [Patrick – fqvycs8f.default2020Player_IKEA@2020Technologies.com] [] Visualisateur 3D de 20-20 v5.0.94.0 (..)
M2 – MFEP: prefs.js [Patrick – fqvycs8f.defaultkeefox@chris.tomlinson] [] KeeFox v1.2.3 (..)
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride =
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
O1 – Hosts: 0.0.0.0 sams.nikonimaging.com
O1 – Hosts: 0.0.0.0 sams.nikonimaging.com
O1 – Hosts: 8
O1 – Hosts: 0.0.0.0 boxore.com =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.boxore.com =>Adware.Boxore
O1 – Hosts: 0.0.0.0 boxore.org =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.boxore.org =>Adware.Boxore
O1 – Hosts: 0.0.0.0 boxore.net =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.boxore.net =>Adware.Boxore
O1 – Hosts: 0.0.0.0 dlmanager.com =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.dlmanager.com =>Adware.Boxore
O1 – Hosts: 0.0.0.0 dlmanager.org =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.dlmanager.org =>Adware.Boxore
O1 – Hosts: 0.0.0.0 dlmanager.net =>Adware.Boxore
O1 – Hosts: 0.0.0.0 http://www.dlmanager.net =>Adware.Boxore
O1 – Hosts: 0.0.0.0 eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 http://www.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 dist.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 file.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 log.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 ads.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 prof.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 soft.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 upd.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 dfr.eorezo.com =>PUP.Eorezo
O1 – Hosts: 0.0.0.0 lollipop-network.com =>Adware.Lollipop
O1 – Hosts: 0.0.0.0 http://www.lollipop-network.com =>Adware.Lollipop
O1 – Hosts: 0.0.0.0 download.lollipop-network.com =>Adware.Lollipop
O1 – Hosts: 0.0.0.0 offers.lollipop-network.com =>Adware.Lollipop
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 335

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Bamboo Dock.lnk . (…) — C:Program Files (x86)Bamboo DockBamboo DockBamboo Dock.exe
O4 – GSDesktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. – Easy Guide Viewer.) — C:Program Files (x86)CanonIJ ManualEasy Guide Viewercmview.exe
O4 – GSDesktop [Public]: Capture NX 2.lnk . (.Nik Software GmbH – Capture NX 2.) — C:Program FilesNikonCapture NX 2Capture NX 2.exe
O4 – GSDesktop [Public]: DeNoise QuickStart.pdf.lnk . (…) — C:WindowsInstaller{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}_BE1D357FFF8FF6096DCACD.exe
O4 – GSDesktop [Public]: DeNoise UsersGuide.pdf.lnk . (…) — C:WindowsInstaller{0A6C24B8-F519-4A1B-B3A1-0D4FA1078824}_8404151857E2A9CAEE5696.exe
O4 – GSDesktop [Public]: Detail QuickStart.pdf.lnk . (…) — C:WindowsInstaller{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}_8DF156B6024A411E633782.exe
O4 – GSDesktop [Public]: Detail UsersGuide.pdf.lnk . (…) — C:WindowsInstaller{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}_60B6A752AD1AB9EB471741.exe
O4 – GSDesktop [Public]: EIZO EasyPIX.lnk . (…) — C:Program Files (x86)EIZOEIZO EasyPIXEIZO EasyPIX.exe
O4 – GSDesktop [Public]: Elephorm.lnk . (…) — C:Program Files (x86)Elephorm applicationsElephormElephorm.exe
O4 – GSDesktop [Public]: Lightroom 5.2 RC 64-bit.lnk . (…) — C:Program Files (x86)AdobeAdobe Photoshop Lightroom 5.2 RClightroom.exe (.not file.)
O4 – GSDesktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company – Pas de description.) — C:Program Files (x86)Common FilesLightScribeLSLauncher.exe
O4 – GSDesktop [Public]: MyPhoneExplorer.lnk . (.F.J. Wechselberger – MyPhoneExplorer.) — C:Program Files (x86)MyPhoneExplorerMyPhoneExplorer.exe
O4 – GSDesktop [Public]: Photo d'identité.lnk . (.Emjysoft – Pas de description.) — C:Program Files (x86)EmjysoftPhotophoto.exe
O4 – GSDesktop [Public]: PicturesToExe 7.0.lnk . (…) — C:Program Files (x86)WnSoft PicturesToexe7.0MainPicturesToexe.exe
O4 – GSDesktop [Public]: Seagate Manager.lnk . (.Seagate Technology LLC – Seagate Manager.) — C:Program Files (x86)SeagateSeagateManagerManagerAppstxmanager.exe
O4 – GSDesktop [Public]: Wise PC Engineer.lnk . (.WiseCleaner.com – Wise PC Engineer – Taking care of your PC E.) — C:Program Files (x86)Wise PC EngineerWisePCEngineer.exe
O4 – GSDesktop [Public]: Wise Registry Cleaner.lnk . (.WiseCleaner.com – Wise Registry Cleaner.) — C:Program Files (x86)Wise Registry CleanerWiseRegCleaner.exe
O4 – GSDesktop [Public]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – GSProgram [Public]: Elephorm.lnk . (…) — C:Program Files (x86)Elephorm applicationsElephormElephorm.exe
O4 – GSProgram [Public]: KeePass 2.lnk . (.Dominik Reichl – KeePass.) — C:Program Files (x86)KeePass Password Safe 2KeePass.exe
O4 – GSProgram [Public]: KeePass.lnk . (…) — C:Program Files (x86)KeePass Password SafeKeePass.exe (.not file.)
O4 – GSTaskBar [Patrick]: Lightroom 5.2 RC 64-bit.lnk . (…) — C:Program Files (x86)AdobeAdobe Photoshop Lightroom 5.2 RClightroom.exe (.not file.)
O4 – GSProgram [Patrick]: Lecteur VTC.lnk . (…) — C:UsersPatrickAppDataRoamingVTC ContentLecteur-VTC.exe
O4 – GSSendTo [Patrick]: Réduire les photographies….lnk . (…) — C:Program Files (x86)EmjysoftPhoto Réducteurphoto.exe (.not file.)
O4 – GSDesktop [Patrick]: Bibliothèques – Raccourci.lnk . (…) — C:UsersPatrickAppDataRoamingMicrosoftWindowsLibraries
O4 – GSDesktop [Patrick]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersPatrickAppDataRoamingDropboxbinDropbox.exe
O4 – GSDesktop [Patrick]: Free PDF to Word Doc Converter.lnk . (…) — C:Program Files (x86)Free PDF to Word Doc Converterpdf2word.exe
O4 – GSDesktop [Patrick]: ImageMagick Display.lnk . (…) — C:Program Files (x86)ImageMagick-6.7.9-Q16imdisplay.exe (.not file.)
O4 – GSDesktop [Patrick]: KeePass 2.lnk . (.Dominik Reichl – KeePass.) — C:Program Files (x86)KeePass Password Safe 2KeePass.exe
O4 – GSDesktop [Patrick]: Lecteur VTC.lnk . (…) — C:UsersPatrickAppDataRoamingVTC ContentLecteur-VTC.exe
O4 – GSDesktop [Patrick]: Photomatix Pro 3.lnk . (.HDRsoft – Photomatix Pro.) — C:Program Files (x86)PhotomatixPro3PhotomatixPro.exe
O4 – GSDesktop [Patrick]: SosVirus Forum.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.sosvirus.net =>Hijacker.Agent
O4 – GSDesktop [Patrick]: SosVirus On Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com =>Hijacker.Agent
O4 – GSDesktop [Patrick]: Spyder4Pro 4.5.4.lnk . (…) — C:Program Files (x86)DatacolorSpyder4ProSpyder4Pro.exe
O4 – GSDesktop [Patrick]: TreeSize Free.lnk . (.JAM Software – TreeSize Free hard disk space manager.) — C:Program Files (x86)JAM SoftwareTreeSize FreeTreeSizeFree.exe
O4 – GSDesktop [Patrick]: Tutoriel photoshop cs5 detourage dun personnage et de ces cheveux.lnk . (…) — D:applic compresséesphotostutorielTutoriel photoshop cs5 detourage dun personnage et de ces cheveux.mp4
O4 – GSDesktop [Patrick]: vidéo juke-box.lnk – Clé orpheline
O4 – GSDesktop [Patrick]: Wise Disk Cleaner Free.lnk . (.WiseCleaner.com – Find and remove junk files from your hard d.) — C:Program Files (x86)Wise Disk CleanerWiseDiskCleaner.exe =>Rogue.DiskCleaner
O4 – GSDesktop [Administrateur]: DVD Shrink 3.2.lnk . (.DVD Shrink – DVD Shrink 3.2.) — C:Program Files (x86)DVD ShrinkDVD Shrink 3.2.exe
O4 – GSDesktop [Administrateur]: PicturesToExe.lnk . (…) — C:Program Files (x86)PicturesToexeapr.exe (.not file.)
O4 – GSDesktop [Administrateur]: Spyder4Pro 4.5.4.lnk . (…) — C:Program Files (x86)DatacolorSpyder4ProSpyder4Pro.exe
O4 – GSDesktop [Administrateur]: wlmail.lnk . (.Microsoft Corporation – Windows Live Mail.) — C:Program Files (x86)Windows LiveMailwlmail.exe =>.Microsoft Corporation
~ Global Startup: 163 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: SpyderUtility.lnk . (…) — C:Program Files (x86)DatacolorSpyder4ProUtilitySpyderUtility.exe
O4 – GSStartup [Patrick]: EIZO EasyPIX.lnk . (…) — C:Program Files (x86)EIZOEIZO EasyPIXEIZO EasyPIX.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
O4 – HKLM..Run: [EasyPIXCore] . (…) — C:Program FilesEIZOEIZO EasyPIX Coreep_eacore.exe
O4 – HKLM..Run: [Monitor] . (.PixArt Imaging Incorporation – Registry Monitor.) — C:WindowsPixArtPAC207Monitor.exe
O4 – HKLM..Run: [nwiz] . (…) — C:Program FilesNVIDIA Corporationnviewnwiz.exe
O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:Program FilesCanonMyPrinterBJMyPrt.exe
O4 – HKLM..Run: [IntelliType Pro] . (.Microsoft Corporation – IType.exe.) — C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe
O4 – HKLM..Run: [IntelliPoint] . (.Microsoft Corporation – IPoint.exe.) — C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKCU..Run: [CAHeadless] . (.Adobe Systems Incorporated – ElementsAutoAnalyzer.) — C:Program Files (x86)AdobeElements 10 OrganizerCAHeadlessElementsAutoAnalyzer.exe
O4 – HKCU..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
O4 – HKLM..Wow6432NodeRun: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
O4 – HKLM..Wow6432NodeRun: [CanonSolutionMenuEx] . (.CANON INC. – Canon Solution Menu EX.) — C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.exe
O4 – HKLM..Wow6432NodeRun: [KeePass 2 PreLoad] . (.Dominik Reichl – KeePass.) — C:Program Files (x86)KeePass Password Safe 2KeePass.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [Nikon Message Center 2] . (.Nikon Corporation – Nikon Message Center 2.) — C:Program Files (x86)NikonNikon Message Center 2NkMC2.exe
O4 – HKLM..Wow6432NodeRun: [NUSB3MON] . (.NEC Electronics Corporation – USB 3.0 Monitor.) — C:Program Files (x86)NEC ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-3415070418-487983937-4007549341-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKUSS-1-5-21-3415070418-487983937-4007549341-1000..Run: [CAHeadless] . (.Adobe Systems Incorporated – ElementsAutoAnalyzer.) — C:Program Files (x86)AdobeElements 10 OrganizerCAHeadlessElementsAutoAnalyzer.exe
O4 – HKUSS-1-5-21-3415070418-487983937-4007549341-1000..Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:Program Files (x86)DAEMON Tools LiteDTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 – HKLMSystemCCSServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 – HKLMSystemCCSServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 – HKLMSystemCS1ServicesTcpip..{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 – HKLMSystemCS1ServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 – HKLMSystemCS1ServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 – HKLMSystemCS2ServicesTcpip..{424D7F1E-C584-413A-9B06-323866CE2FD6}: DhcpNameServer = 192.168.0.1
O17 – HKLMSystemCS2ServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpNameServer = 192.168.5.1
O17 – HKLMSystemCS2ServicesTcpip..{9308E6EC-5617-4AED-9F21-B97B3EE2CFD3}: DhcpDomain = pace
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.5.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.29B81898034EF7692A242E49310E0411] [APT] [Trigger KMS Activation] (…) — C:Program FilesKMSnanoTriggerKMS.exe [54784]
[MD5.00000000000000000000000000000000] [APT] [{16A9266D-BE32-46A2-8A65-88A85F508E13}] (…) — H:AUTORUN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3AC0A510-71DA-4DD3-8F1E-196874ABEDE9}] (…) — D:applic compresséesphotosirfanviewirfanview_plugins_425_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{66BA574B-1E11-49b8-909C-8CC9E0E8E015}] (…) — C:UsersPatrickAppDataLocalTempSxk.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7D652DDF-EED9-43FA-8314-95A3ABB8D554}] (…) — C:UsersPatrickDesktopJMB36X_WinDrv_R1.17.63_WHQL_eSATAR1.17.63.01_eSATAsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7F166341-B5FD-4643-958E-C0ECAC88B6E3}] (…) — C:UsersPatrickDesktopInstallSeagateManager.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B62195BC-BAF2-44F0-BF7B-3750E7A33AE4}] (…) — F:applic compresséestrial_xtreme_photostory_cd_dvd_8_deluxe_us.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D59E4E52-CB2B-4725-97E0-ABF49C699F00}] (…) — C:UsersPatrickDownloadsPC_inspector_File_Recovery_4.0_1901.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DF249AE0-84B4-4502-9916-71BE6BC137CD}] (…) — C:Program Files (x86)MyPDFConvertersetupConverter.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E817F246-FC30-4CD7-9A06-70AB3F5C74F4}] (…) — C:UsersPatrickDownloadsSpyder2_2.3.5_Setup.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 01s

—\ Logiciels installés (O42)
O42 – Logiciel: KMSnano 24 – (…) [HKLM][64Bits] — KMSnano 24_is1
O42 – Logiciel: Spyder4Pro – (…) [HKLM][64Bits] — Spyder4Pro
~ Logic: 174 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareBlack]
[HKCUSoftwareBookService]
[HKCUSoftwareFilesystems]
[HKCUSoftwareFlags]
[HKCUSoftwareFlowers]
[HKCUSoftwareLogic Développement Claude Ingrain]
[HKCUSoftwareRMFJudgingSystems100]
[HKLMSoftwareChorus]
[HKLMSoftwareWow6432Node685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLMSoftwareWow6432NodeFruit]
~ Key Software: 326 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 30/09/2011 – 14:59:38 – [2,296] —-D C:Program Files (x86)EIZO
O43 – CFD: 23/03/2010 – 21:13:15 – [0,000] —-D C:ProgramDataApplause and Laugher
O43 – CFD: 19/03/2012 – 16:02:53 – [0,000] —-D C:ProgramDataAudio Units
O43 – CFD: 18/01/2013 – 10:26:28 – [0] —-D C:ProgramDataboost_interprocess_Patrick
O43 – CFD: 30/09/2011 – 09:45:49 – [0] —-D C:ProgramDataEIZO
O43 – CFD: 05/03/2012 – 23:06:23 – [0,000] —-D C:ProgramDataLimiter
O43 – CFD: 05/03/2012 – 23:05:31 – [0,000] —-D C:ProgramDataMIDI Patch Names
O43 – CFD: 10/02/2011 – 19:21:07 – [0,002] —-D C:ProgramDataPhotoLogic_2011
O43 – CFD: 21/01/2013 – 15:59:29 – [0,001] —-D C:ProgramDataPhotoLogic_2013
O43 – CFD: 15/08/2013 – 08:29:34 – [0] —-D C:UsersPatrickAppDataRoamingcom.eizo.EasyPIX
O43 – CFD: 30/09/2011 – 09:45:49 – [0,006] —-D C:UsersPatrickAppDataRoamingEIZO
O43 – CFD: 27/04/2012 – 20:23:47 – [0] —-D C:UsersPatrickAppDataRoamingvtcmovies
O43 – CFD: 23/12/2012 – 08:34:06 – [0,123] —-D C:UsersPatrickAppDataRoamingvtc_demo_setup
O43 – CFD: 30/04/2012 – 12:43:56 – [0] —-D C:UsersPatrickAppDataRoamingvtc_language
O43 – CFD: 03/12/2011 – 09:04:22 – [0] —-D C:UsersPatrickAppDataLocal7MPL
O43 – CFD: 30/09/2011 – 09:45:49 – [0] —-D C:UsersPatrickAppDataLocalEIZO
O43 – CFD: 11/12/2011 – 09:14:01 – [0] —-D C:UsersPatrickAppDataLocalMediaGet2 =>PUP.MediaGet
O43 – CFD: 30/04/2011 – 13:46:43 – [0,000] —-D C:UsersPatrickAppDataLocal_NkvMail@
O43 – CFD: 15/11/2010 – 13:54:45 – [0,000] —-D C:UsersPatrickAppDataLocal_NkvPrint@
~ 1945 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 2339 Legitimates Filtered in 00mn 25s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.AD77772F727F2EB7D4F01BF3782EA17C] – 23/09/2013 – 05:49:46 —A- . (…) — C:UsbFix [Scan 4] PATRICK-PC.txt [10210]
O44 – LFC:[MD5.DB42B8E702B92F4BEE695ECB662D3F24] – 22/09/2013 – 05:27:42 —A- . (…) — C:UsbFix [Scan 2] PATRICK-PC.txt [9817]
O44 – LFC:[MD5.24C5B4C3484953C314175E3566B7A32E] – 21/09/2013 – 06:59:38 —A- . (…) — C:UsbFix [Scan 1] PATRICK-PC.txt [9559]
~ Files: 145 Legitimates Filtered in 00mn 02s

—\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 – MPSK:{523b417a-3964-11df-bd6d-6cf049080b2c}AutoRuncommand. (…) — G:LaunchU3.exe (.not file.)
O51 – MPSK:{d5cf00ef-26b5-11e0-81dd-6cf049080b2c}AutoRuncommand. (…) — I:LaunchU3.exe (.not file.)
~ Keys: Scanned in 07mn 19s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregBambooCore [Key] . (.Pas de propriétaire – BambooDock back-end application.) — C:Program Files (x86)Bamboo DockBambooCore.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM…PoliciesSystem] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKCU…policiesExplorer] – "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.518B8D447A1975AB46DA093A2E743256] – 09/01/2010 – 21:22:06 . (.ALWIL Software – avast! Filtering NDIS driver.) — C:WindowsSystem32DriversaswNdis.sys [12368]
O58 – SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] – 02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 20/09/2013 – 14:13:11 —A- . (…) — C:UsersPatrickAppDataRoamingUsbFixforum.ico [370070]
O61 – LFC: 20/09/2013 – 21:23:09 —A- . (…) — C:UsersPatrickAppDataLocalresmon.resmoncfg [7617]
O61 – LFC: 21/09/2013 – 04:54:15 —A- . (…) — C:UsersPatrickDocumentsclub photo giencoordonnées Gien Photoclub.docx [13453]
O61 – LFC: 21/09/2013 – 06:39:48 —A- . (…) — C:UsersPatrickDocumentsbudget échéanceéchéance budget.xlsx [32305]
O61 – LFC: 21/09/2013 – 18:23:43 —A- . (…) — C:UsersPatrickAppDataLocalGoogleToolbar Cache7.5.4209.2358frtranslate_languages.json.content [1497]
O61 – LFC: 22/09/2013 – 07:23:37 —A- . (…) — C:UsersPatrickDocumentsromainmaster2013_09_22certificat scolarité.pdf [172124]
O61 – LFC: 22/09/2013 – 07:57:00 —A- . (…) — C:UsersPatrickDocumentsclub photo giendde de subvention 2014dossier-subenvetion-2014-14-octobre-2013.xlsx [23669]
O61 – LFC: 22/09/2013 – 08:24:10 —A- . (…) — C:UsersPatrickDocumentsclub photo giendde de subvention 2014lien pour dde de subvention.docx [11938]
O61 – LFC: 22/09/2013 – 08:51:43 —A- . (…) — C:UsersPatrickDocumentsclub photo gienréunion du 18 09 2013Compte rendu de réunion gpc du 17.docx [13637]
O61 – LFC: 22/09/2013 – 09:12:10 —A- . (.C.R.) — C:UsersPatrickDocumentsclub photo gienréunion du 18 09 2013Club Gien QCM intérets_oui_non a.xls [28160]
O61 – LFC: 22/09/2013 – 09:16:47 —A- . (…) — C:UsersPatrickDocumentsclub photo gienréunion du 18 09 2013calendrier Gien photo-club. 2013 2014 indice a.xlsx [58990]
O61 – LFC: 22/09/2013 – 09:34:13 —A- . (…) — C:UsersPatrickDocumentsclub photo gienréunion du 18 09 2013conctact gien.csv [14396]
O61 – LFC: 22/09/2013 – 11:30:52 —A- . (…) — C:UsersPatrickDocumentsclub photo gienliste noms forum.xlsx [13918]
O61 – LFC: 22/09/2013 – 11:54:53 —A- . (…) — C:UsersPatrickDocumentsclub photo giendde de subvention 2014liste noms.xlsx [15043]
O61 – LFC: 23/09/2013 – 04:33:32 —A- . (…) — C:UsersPatrickAppDataLocalGoogleToolbar Cache7.5.4209.2358frtranslate_element.js.content [2377]
O61 – LFC: 23/09/2013 – 04:34:18 —A- . (…) — C:UsersPatrickAppDataLocalGoogleToolbarbroker_metrics.xml [6975]
O61 – LFC: 23/09/2013 – 05:05:59 —A- . (.PC9.) — C:UsersPatrickDocumentsappart LoignyRegerat 2èmeCONTRAT LOCATION studio 2ème étage Loigny Mr Regérat .doc [89600]
O61 – LFC: 23/09/2013 – 05:27:04 —A- . (…) — C:UsersPatrickDocumentsappart Loignyjacquet 2èmeEtatDesLieux.xlsx [21634]
O61 – LFC: 23/09/2013 – 05:27:07 —A- . (…) — C:UsersPatrickDocumentsappart LoignyRegerat 2èmeEtatDesLieux départ mlleJacquet.xlsx [21675]
O61 – LFC: 23/09/2013 – 06:33:05 —A- . (…) — C:UsersPatrickAppDataLocalDatacolorSpyderUtilityPreferences.xml [521]
~ 14 Fichiers temporaires (Temporary files)
~ Files: 154 Legitimates Filtered in 01mn 49s

—\ Fichiers Alternate Data Stream (ADS) (O62)
O62 – ADS:Alternate Data Stream File – C:WindowsSystem32SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 02s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 02/01/1601 – Pas de propriétaire (MtxVxd) .(…) – LEGACY_MTXVXD
~ Legacy: 79 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {135589C2-E5EB-4c02-B8BD-F2762F96B8BB} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {414A5328-1F37-4c14-BA72-CE9DF4DD0FF3} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {858C7DEC-35B1-4033-9BA2-DB2C12908639} – (Yahoo) – http://fr.search.yahoo.com =>Toolbar.Yahoo
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
D:applic compresséesphotosAdobeAdobe Photoshop Lightroom 4.0 final multilangueskeygen.exe
D:applic compresséesphotosAdobeAdobe Photoshop Lightroom 5.0 Final (64 bit) [ChingLiu]Keygen – CORECORE10k.EXE
D:applic compresséesphotosAdobePlug in Photoshop CS5Plug-ins for Adobe Photoshop CS5OnOne Software Mask Pro 4.1.8KEYGEN.EXE =>.Adobe Systems Incorporated
D:applic compresséesphotosAdobePlug in Photoshop CS5Plug-ins for Adobe Photoshop CS5OnOne.PhotoTune.v3.0.2redtKeyGen.exe =>.Adobe Systems Incorporated
D:applic compresséesphotosNik_software_collection_completeSilver Efex Prokeygen.exe
D:logiciel pc sullyAdobeligthroom 3.6Adobe Photoshop Lightroom 4.0 final multilangueskeygen.exe
D:logiciel pc sullyAdobePlug in Photoshop CS5Plug-ins for Adobe Photoshop CS5OnOne.PhotoTune.v3.0.2redtKeyGen.exe =>.Adobe Systems Incorporated
D:logiciel pc sullyNik_software_collection_completeSilver Efex Prokeygen.exe
~ Files: Scanned in 04mn 38s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.83263C433C2917675BAFD5E0BC37C8FC] [SPRF][21/09/2013] (…) — C:UsersPatrickAppDataLocalTempchart_data.dat [21262]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (…) — C:UsersPatrickAppDataLocalTempQuarantine.exe [344583]
[MD5.17C8BF490CA207D06EF2A0EC84F47191] [SPRF][23/09/2013] (…) — C:UsersPatrickDesktopadwcleaner.exe [1042066]
[MD5.DA604B10528FDE8494103A1114B2D7E3] [SPRF][27/04/2013] (…) — C:UsersPatrickDesktopDiaporama hand indice c.exe [510460862]
[MD5.B92DD16BA6BB1DBB4A2F99244722606C] [SPRF][05/06/2010] (…) — C:UsersPatrickDesktopPortraiturePlugin2308.exe [4058712]
[MD5.70643FD276A90A153CF482F47A79BD7A] [SPRF][10/01/2013] (…) — C:UsersPatrickDesktopwinrar_winrar_4.2_64_bits_francais_9632 (1).exe [1736616]
~ Files: 7 Legitimates Filtered in 00mn 06s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: "{6D61A5CD-6AA0-43EF-845F-98769C3B0C53}" | In – Public – P6 – TRUE | .(…) — C:Program FilesEIZOEIZO EasyPIX Coreep_eacore.exe
O87 – FAEL: "{7C2D9206-D54A-4758-B7C9-D65B8B4637F2}" | In – Public – P17 – TRUE | .(…) — C:Program FilesEIZOEIZO EasyPIX Coreep_eacore.exe
~ Firewall: 206 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AC56BB3E3B308C49E326FCCA48B417E0] [WIS][04/06/2013] (.UNKNOWN – Elephorm.) — C:WindowsInstaller223f0a57.msi [24064]
~ WIS: 164 Legitimates Filtered in 00mn 20s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 01/09/2011 169624 | (AdobeActiveFileMonitor10.0) . (.Adobe Systems Incorporated.) – C:Program Files (x86)AdobeElements 10 OrganizerPhotoshopElementsFileAgent.exe
SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SS – | Demand 13/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
SR – | Auto 30/08/2013 137960 | (avast! Firewall) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5afwServ.exe
SS – | Demand 17/11/2005 1527900 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) – C:Program Files (x86)MAGIXCommonDatabasebinfbserver.exe
SR – | Auto 01/05/2009 181544 | (FreeAgentGoNext Service) . (.Seagate Technology LLC.) – C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe
SS – | Auto 28/06/2010 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 28/06/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 23/08/2012 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
SR – | Auto 07/02/2011 138192 | (IJPLMSVC) . (…) – C:Program Files (x86)CanonIJPLMIJPLMSVC.exe
SR – | Auto 20/06/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
SR – | Auto 15/04/2010 325656 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SS – | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) – C:Program Filesma-config.comx64maconfservice.exe
SS – | Demand 08/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
SR – | Auto 22/09/2011 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) – C:WindowsSysWOW64nlssrv32.exe
SR – | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
SR – | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe
SR – | Auto 02/10/2012 382824 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
SS – | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
SR – | Auto 08/09/2011 6583160 | (TabletServicePen) . (.Wacom Technology, Corp..) – C:Program FilesTabletPenPen_Tablet.exe
SR – | Auto 15/11/2010 5716848 | (TabletServiceWacom) . (.Wacom Technology, Corp..) – C:Program FilesTabletWacomWacom_Tablet.exe
SR – | Auto 28/08/2012 92632 | (TomTomHOMEService) . (.TomTom.) – C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe
SR – | Auto 08/09/2011 528760 | (TouchServicePen) . (.Wacom Technology, Corp..) – C:Program FilesTabletPenPen_TouchService.exe
SR – | Auto 15/04/2010 2533400 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SS – | Demand 14/12/2006 544768 | (UPnPService) . (.Magix AG.) – C:Program Files (x86)Common FilesMAGIX SharedUPnPServiceUPnPService.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 21s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Patrick at 23/09/2013 08:03:09
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Patrick at 23/09/2013 08:03:11

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12928 – (22/09/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:UsersPatrickAppDataLocalMediaGet2 =>PUP.MediaGet^
C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
C:Program Files (x86)Wise Disk CleanerWiseDiskCleaner.exe =>Rogue.DiskCleaner^
~ Additionnel Scan: 339034 Items scanned in 00mn 19s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/28151468-pup-mediaget =>PUP.MediaGet
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ MSI: 7 link(s) detected in 00mn 19s

~ 3753 Legitimates filtered by white list
End of the scan (633 lines in 16mn 09s)(8)[/spoiler:1fprowi1]