~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Jalliffier (01/11/2014 14:01:17)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17239

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 2.0.3.1025
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2927 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 66 GB (23%) free of 281 GB

---\\ Mode de connexion au système
~ Computer Name: JALLIFFIER-HP
~ User Name: Jalliffier
~ All Users Names: Jalliffier, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jalliffier\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jalliffier\AppData\Roaming\
~ %Desktop% : C:\Users\Jalliffier\Desktop\
~ %Favorites% : C:\Users\Jalliffier\Favorites\
~ %LocalAppData% : C:\Users\Jalliffier\AppData\Local\
~ %StartMenu% : C:\Users\Jalliffier\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 66 Go of 281 Go)
F: Hard drive, Flash drive, Thumb drive (Free 1 Go of 2 Go)
G: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2014 - 11:52:06.) -- C:\Windows\System32\wininet.dll [2266624]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/116
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/590
~ Mon Bureau (My Desktop) : 3/7429
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 31s

---\\ Processus lancés
[MD5.B18DD75D9A482A56A1E61D8512EB4206] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe [634192] [PID.2296]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.4108]
[MD5.270B6BFFDE7A8199DFEB9735BBB1918F] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968] [PID.4240]
[MD5.A66B6FF26F6651796A9B2E525CD9604E] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160] [PID.4256]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.4384]
[MD5.709D5D20E51073B63F90D0CE645DBB3F] - (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536] [PID.4464]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4544]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4556]
[MD5.1A69BFFC814E701036041F244F95F28D] - (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472] [PID.4576]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.3944]
[MD5.CCC250711E6B5F998DC1B7393233A755] - (.Broadcom Corporation. - Bluetooth Headset Skype Proxy.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe [13600] [PID.4404]
[MD5.66A4A7C7802E0968E07647999FFC87E2] - (.Google Inc. - Google Chrome.) -- C:\Users\Jalliffier\AppData\Local\Google\Chrome\Application\chrome.exe [854344] [PID.5980]
[MD5.A57C8C7D1533BFF493FB2BBF07FBBEB3] - (.Portrait Displays, Inc - PDI SDK COM Server for x64/x86 interop.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe [70256] [PID.1280]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.4584]
[MD5.C9D858E20AE696E7A0D9A05B595F850A] - (.Hewlett-Packard - HPFSService Application.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984] [PID.852]
[MD5.5AFB3F9B74553BD933555E1C800D2CE1] - (.McAfee, Inc. - Drive Encryption for HP ProtectTools Servic.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192] [PID.888]
[MD5.0B0772247B85FC844A06498386E32F59] - (.Cisco Systems, Inc. - VPN Agent Service.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560528] [PID.1444]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1544]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1392]
[MD5.657E81DF0625198C97F91C09AE9611FC] - (.Hewlett-Packard Development Company, L.P - PTChangeFilterService.) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768] [PID.2128]
[MD5.94C74D758E0F7B1D962DA452B4D28C91] - (.Hewlett-Packard Company - HP DayStarter service.) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112] [PID.2716]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2892]
[MD5.BB4E55778D8DE3885E1CDAC795DE7BCE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2916]
[MD5.4A8CC4D25525F456069887D5E8C53225] - (.Portrait Displays, Inc. - pdisrvc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264] [PID.2956]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\windows\SysWOW64\PnkBstrA.exe [76888] [PID.2788]
[MD5.9EEA84226ED2A028BC3FDFDDE03FE95C] - (.ArcSoft, Inc. - ArcVCapture.) -- C:\windows\system\uArcCapture.exe [506472] [PID.1452]
[MD5.E6E9610D76418357A7EC725989687CB4] - (.McAfee, Inc. - Drive Encryption for HP ProtectTools Plugin.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512] [PID.3304]
[MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1129760] [PID.3348]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4844]
[MD5.44AA8D5D3B3B5610FEF46CA8A9C52D8C] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.6376]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jalliffier\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [HPPowerAssistant] . (.Hewlett-Packard Company, L.P. - DelayedAppStarter.) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [orangeinside] . (...) -- C:\Users\Jalliffier\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jalliffier\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (.not file.)
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Wahoo] C:\Users\Jalliffier\AppData\Local\WahOO\Wahoo.exe (.not file.)
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jalliffier\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [File Sanitizer] . (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Wow6432Node\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] . (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [orangeinside] . (...) -- C:\Users\Jalliffier\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jalliffier\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (.not file.)
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Wahoo] C:\Users\Jalliffier\AppData\Local\WahOO\Wahoo.exe (.not file.)
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jalliffier\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1FA54DAC-AB0F-4271-8AA4-722B9266FBA4}] (...) -- C:\Users\Jalliffier\Downloads\epsxe_v1.6.0.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BB6970B6-1962-4981-9597-B8DC9B85239A}] (...) -- C:\Users\Jalliffier\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002Core [926]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002UA [948]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002Core [1046]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002UA [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForJalliffier [352]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s

---\\ Logiciels installés (O42)
O42 - Logiciel: LudoColl - (.FdSoft.) [HKLM][64Bits] -- LUDOCOLL
O42 - Logiciel: Torrent2Exe - (.www.torrent2exe.com.) [HKCU][64Bits] -- Torrent2Exe
~ Logic: 25 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\FFWorld]
[HKCU\Software\Torrent2Exe.com]
[HKCU\Software\virtual_audio_capture]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
~ Key Software: 285 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/01/2014 - 10:17:42 - [] ----D C:\Program Files (x86)\LudoColl
O43 - CFD: 29/01/2014 - 10:18:09 - [] ----D C:\ProgramData\LudoColl
O43 - CFD: 23/01/2014 - 18:12:52 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 18/10/2014 - 11:22:56 - [] ----D C:\Users\Jalliffier\AppData\Roaming\FFWorld Triple Triad
O43 - CFD: 16/10/2013 - 17:38:28 - [] ----D C:\Users\Jalliffier\AppData\Roaming\Torrent2Exe
O43 - CFD: 16/10/2013 - 17:38:28 - [0] ----D C:\Users\Jalliffier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent2Exe
~ 1170 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1396 Legitimates Filtered in 00mn 23s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7314C4A6D884135969DF81004A95BA40] - 30/10/2014 - 23:49:02 ---A- . (...) -- C:\log_Naruto Shippuden Intégrale des Films (HD 720p Mkv).log [163538236]
O44 - LFC:[MD5.DEBF509C4CF1A3F7424F4D87F0E87584] - 30/10/2014 - 23:49:03 ---A- . (...) -- C:\log_Furtif.Truefrench.Dvdrip.Xvid.AC3-FwD.avi.log [10485089]
O44 - LFC:[MD5.B8F5984031BCC470D369424419DC1F58] - 30/10/2014 - 23:49:03 ---A- . (...) -- C:\log_Maroon 5 - V [Deluxe Edition] (2014) FLAC.log [4848837]
O44 - LFC:[MD5.2E657087C27CEEE56F79E7800B8B5BEB] - 30/10/2014 - 23:49:07 ---A- . (...) -- C:\log_Naruto Shippuden - Saison 14 - Episode 333 a 356.log [41016446]
O44 - LFC:[MD5.1B0B6D9E9CFFFBCCA0035629FB8FBA79] - 30/10/2014 - 23:49:08 ---A- . (...) -- C:\log_Fiston.2014.RERiP.FRENCH.DVDRip.XviD-DesTroY.log [5257223]
O44 - LFC:[MD5.76E330842631DF7ABBE94FE02A068723] - 30/10/2014 - 23:49:09 ---A- . (...) -- C:\log_Once.Upon.A.Time.S02.FRENCH.LD.BDRip.XviD-MiND.log [59433938]
O44 - LFC:[MD5.0B438245ACF4D9F3B8392AE803296615] - 30/10/2014 - 23:49:14 ---A- . (...) -- C:\log_Casseurs Flowters – Orelsan Et Gringe Sont Les Casseur (2013).log [1160772]
O44 - LFC:[MD5.D5F3FA331FB9EFECF67054FE733954D5] - 30/10/2014 - 23:49:18 ---A- . (...) -- C:\log_Ellie Goulding - Lights (2010).log [3355449]
O44 - LFC:[MD5.4CB65BB12758A529D5E92CE9C015F8A1] - 30/10/2014 - 23:49:18 ---A- . (...) -- C:\log_Renaud - L'intégrale 1975-2003.log [10701158]
O44 - LFC:[MD5.28E3885554A2C0F08762A10C784599D9] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_Halcyon Days (Deluxe Edition).log [3066171]
O44 - LFC:[MD5.91DBE31E98DA8DAE8B34B4C6EE7E835D] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_Kyo - Integrale (2000 - 2007) [mp3 320Kbps].log [4958183]
O44 - LFC:[MD5.026B06128C19473484E94B94064E5EC3] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_VA - Divergent (Deluxe Edition) (2014, mp3).log [2112839]
O44 - LFC:[MD5.DF600656D042BE5362578E764BB19D20] - 30/10/2014 - 23:49:20 ---A- . (...) -- C:\log_Your Songs - VA (2014).log [3283072]
O44 - LFC:[MD5.37EECA1589A32640C0E565809238031A] - 30/10/2014 - 23:49:21 ---A- . (...) -- C:\log_FAUVE - VIEUX FRÈRES - PARTIE 1.log [737350]
O44 - LFC:[MD5.7F2446D70C33BB9B00E6BBD51724B3A9] - 30/10/2014 - 23:49:22 ---A- . (...) -- C:\log_Luc Arbogast - Odysseus (2013) FLAC.log [2773031]
O44 - LFC:[MD5.79CC1D7BC130DF539FA271BFEFC60168] - 31/10/2014 - 20:03:16 ---A- . (...) -- C:\log_Sam Smith - In the Lonely Hour (Deluxe Edition 2014).log [904617]
O44 - LFC:[MD5.2A7BFF6365AC7F5823823EF5853BDE6E] - 31/10/2014 - 20:03:22 ---A- . (...) -- C:\log_FAUVE - BLIZZARD [EP - 2013].log [740276]
O44 - LFC:[MD5.0324B9C50EF443B5086715ABAA6B8003] - 31/10/2014 - 20:03:37 ---A- . (...) -- C:\log_Luc arbogast - Oreflam [MP3][320KBPS].log [1988375]
O44 - LFC:[MD5.669D3E113423A359577889A8F1B7ABE6] - 31/10/2014 - 20:03:37 ---A- . (...) -- C:\log_saison 11.log [43787772]
O44 - LFC:[MD5.7F9FE0E9F53CFC816EF78957392B5A8E] - 31/10/2014 - 20:04:05 ---A- . (...) -- C:\log_Le Loup De Wall Street.mkv.log [5167000]
O44 - LFC:[MD5.0ADEFB210EE5C13AB216BAC8B8A355AA] - 31/10/2014 - 20:04:26 ---A- . (...) -- C:\log_Thor.Le.Monde.des.Ténèbres.(The.Dark.World).2013.BDRip.{x264+HE-AAC}{Fr-Eng-Com}{Sub.Fr-Eng-Ara-Com}-™.mkv.log [5318504]
O44 - LFC:[MD5.D04001B6305D6085DBEE8F12E6855091] - 31/10/2014 - 20:04:28 ---A- . (...) -- C:\log_Insanity Asylum Workout.log [38230786]
O44 - LFC:[MD5.F1D191E4EE41E0829D5D83EF1FB49F7E] - 31/10/2014 - 20:04:58 ---A- . (...) -- C:\log_Garou - Au Milieu De Ma Vie 2013 (Version Deluxe) Maxx.log [1888195]
O44 - LFC:[MD5.EE6B117111F9A43E196C02085F683897] - 31/10/2014 - 20:05:04 ---A- . (...) -- C:\log_le jour le plus long.avi.log [5254624]
O44 - LFC:[MD5.0B21936D6C76938F21DEA12800F013AB] - 31/10/2014 - 20:05:19 ---A- . (...) -- C:\log_9 Mois Ferme 2013 FRENCH BRRiP XviD-CARPEDIEM.log [6003463]
O44 - LFC:[MD5.C20880CFDCF9462BA87790E97C0C3D17] - 31/10/2014 - 20:07:58 ---A- . (...) -- C:\log_Perception.S01.FRENCH.LD.HDTV.XviD-MiND.log [27380344]
O44 - LFC:[MD5.AFDA8BF85E5C7C570B9B65D24E22FB93] - 31/10/2014 - 20:08:14 ---A- . (...) -- C:\log_Naruto Shippuden Saison 11.log [55282212]
O44 - LFC:[MD5.1ECAB5E7E2D3EA6A96F673EA68920691] - 31/10/2014 - 20:08:19 ---A- . (...) -- C:\log_Kyo - L'équilibre (2014).log [1634401]
O44 - LFC:[MD5.2AB1386DA73EEFD3C9EA4D719F254FCD] - 31/10/2014 - 20:08:38 ---A- . (...) -- C:\log_47 Ronin 2013 FRENCH BRRiP x264-CARPEDIEM.log [6096600]
O44 - LFC:[MD5.890A1FEE15A160390B034D05FC46441F] - 31/10/2014 - 20:09:59 ---A- . (...) -- C:\log_Naruto Shippuuden VOSTFR - S13 par Fansub-Resistance.log [44413183]
O44 - LFC:[MD5.32D42337060960D9FCD247EC7E9181FC] - 31/10/2014 - 20:10:00 ---A- . (...) -- C:\log_Frankenweenie 2012 TRUEFRENCH DVDRiP XViD-AViTECH.avi.log [5348657]
O44 - LFC:[MD5.839C0E13F5306854ADF0E172CB4099C3] - 31/10/2014 - 20:10:19 ---A- . (...) -- C:\log_naruto fansub resistance.log [44089525]
O44 - LFC:[MD5.29D3E19CBAB2F52DBFB4F7DAFF569DE9] - 31/10/2014 - 20:11:04 ---A- . (...) -- C:\log_Naruto Shippuden Saison 9.log [36959430]
O44 - LFC:[MD5.BD9B9A338EE9875BE051BED3551372A2] - 31/10/2014 - 20:11:33 ---A- . (...) -- C:\log_The Hobbit.The Desolation of Smaug-2013-TRUEFRENCH-BRRip.Xvid-h@mster(Le Hobbit.La désolation de Smaug).avi.log [7692996]
O44 - LFC:[MD5.4996C5D6648D9BBB64A075D21369F738] - 31/10/2014 - 20:11:50 ---A- . (...) -- C:\log_Snowpiercer-2013-FRENCH-BRRip.Xvid-h@mster.avi.log [6147196]
O44 - LFC:[MD5.B2EE1370B8AFC28AD9175B5D1C3138C5] - 31/10/2014 - 20:11:55 ---A- . (...) -- C:\log_Insanity Deluxe.log [61857031]
O44 - LFC:[MD5.2540F7D5F9E0D049B61DAC3B2F73A091] - 31/10/2014 - 20:12:02 ---A- . (...) -- C:\log_Naruto Shippuden Saison 12 VF 720p.log [49212416]
O44 - LFC:[MD5.70C2B8E022B3A09050F0965CD9CD2CB4] - 31/10/2014 - 20:12:31 ---A- . (...) -- C:\log_Albator Corsaire de l'espace-2013-TRUEFRENCH-BRRip.Xvid-h@mster(Space Pirate Captain Harlock).avi.log [5427459]
O44 - LFC:[MD5.A116AB907F3BE67199A7F72AB4E05A0B] - 31/10/2014 - 20:12:31 ---A- . (...) -- C:\log_Hunger Games.L'embrasement-2013-FRENCH-BRRip.Xvid-h@mster(The Hunger Games-Catching Fire).avi.log [6422615]
O44 - LFC:[MD5.459440A08AA7F8B238C75C1F4BEBBAE4] - 31/10/2014 - 20:12:37 ---A- . (...) -- C:\log_DRAGONS (2010).avi.log [5298295]
O44 - LFC:[MD5.FC91CDD642368D9CE9842D6FCFB8D93D] - 31/10/2014 - 20:12:45 ---A- . (...) -- C:\T2Exe.log [223558933]
~ Files: 58 Legitimates Filtered in 08mn 49s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{3bfd97f5-96cf-11e2-b043-e02a82d4122f}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{bb7ad72c-703c-11e1-8dc4-e02a82adf5b1}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [204880] =>.ALWIL Software
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:24/08/2011 - 18:54:15 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [515584]
O58 - SDL:14/01/2013 - 11:26:00 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [36736]
O58 - SDL:07/12/2010 - 13:41:09 ---A- . (...) -- C:\Windows\System32\Drivers\wdfdfgc.sys [3120]
O58 - SDL:07/12/2010 - 13:41:09 ---A- . (...) -- C:\Windows\SysWOW64\drivers\wdfdfgc.sys [3120]
~ Drivers: 97 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Jalliffier\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0E922BE6BC537BA106076ACBA6AFBC6E] [SPRF][17/09/2011] (...) -- C:\ProgramData\EB9B4F7F1D.sys [88]
[MD5.37B6D67A53AD829E29E50914BDC0F8A0] [SPRF][20/02/2012] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.FCD6C695C95BD74E0906BA44AFD39CC7] [SPRF][17/09/2011] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
~ BTK: 247 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/11/2009 362040 | (FLCDLOCK) . (.Hewlett-Packard Ltd.) - c:\Windows\SysWOW64\flcdlock.exe
SS - | Auto 27/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 13/05/2013 270624 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SS - | Auto 01/10/2010 280120 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 14/12/2009 2019120 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\windows\system32\vcsFPService.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/08/2011 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 02/11/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 09/06/2010 952096 | (btwdins) . (.Broadcom Corporation..)
- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Demand 01/02/2010 704512 | (DEBridge) . (.McAfee, Inc..) - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe SR - | Auto 16/07/2010 462160 | (DpHost) . (.DigitalPersona, Inc..) - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe SR - | Auto 17/08/2011 133176 | (HP Power Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe SR - | Auto 19/10/2010 32768 | (HP ProtectTools Service) . (.Hewlett-Packard Development Company, L.P.) - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 05/04/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe SR - | Auto 10/05/2010 90112 | (HPDayStarterService) . (.Hewlett-Packard Company.) - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe SR - | Auto 01/02/2010 281192 | (HpFkCryptService) . (.McAfee, Inc..) - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe SR - | Auto 12/12/2009 297984 | (HPFSService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe SR - | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 17/06/2009 73728 | (LightScribeService) . 
(.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SR - | Auto 04/11/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 16/03/2011 113264 | (PdiService) . (.Portrait Displays, Inc..) - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe SR - | Auto 24/08/2011 271360 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe SR - | Auto 04/12/2009 506472 | (uArcCapture) . (.ArcSoft, Inc..) - C:\windows\system\uArcCapture.exe SR - | Auto 04/11/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 12/12/2013 560528 | (vpnagent) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 12s ---\\ Scan Additionnel (O88) Database Version : 13026 - (28/08/2014) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 1 [HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ C:\ProgramData\Software =>Adware.Boxore C:\Users\Jalliffier\AppData\Local\Software =>Adware.Boxore [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^ ~ Additionnel Scan: 326002 Items scanned in 01mn 10s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51) ~ AMI: 4 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager http://nicolascoolman.fr/pup-babylon =>PUP.Babylon http://nicolascoolman.fr/adware-boxore =>Adware.Boxore ~ MSI: 4 link(s) detected in 00mn 00s ~ 2047 Legitimates filtered by white list End of the scan (516 lines in 12mn 04s)(0)