~ Rapport de ZHPDiag v2015.3.29.33 - Nicolas Coolman (2015-03-29)
~ Lancé par Stone (2015-03-30 15:08:05)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17690
MFIE: Mozilla Firefox 36.0.3
GCIE: Google Chrome v41.0.2272.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : DJY8Q
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.4.1028
Kaspersky Security Scan v12.0.1.881
Spybot - Search & Destroy v2.4.40
SUPERAntiSpyware v5.7.1026
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v5.03

---\\ Logiciels de partage PeerToPeer
Vuze v5.6.0.0 =>P2P.Azureus

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12241 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 44 GB (40%) free of 107 GB

---\\ Mode de connexion au système
~ Computer Name: STONE
~ User Name: Stone
~ All Users Names: Stone, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Stone\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Stone\AppData\Roaming\
~ %Desktop% : C:\Users\Stone\Desktop\
~ %Favorites% : C:\Users\Stone\Favorites\
~ %LocalAppData% : C:\Users\Stone\AppData\Local\
~ %StartMenu% : C:\Users\Stone\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 44 Go of 107 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 11 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1419 Go of 1863 Go)
F: Hard drive, Flash drive, Thumb drive (Free 919 Go of 932 Go)
G: CD-ROM drive (Free 0 Go of 5 Go)
H: Hard drive, Flash drive, Thumb drive (Free 451 Go of 932 Go)
I: Hard drive, Flash drive, Thumb drive (Free 766 Go of 932 Go)
J: CD-ROM drive (Free 0 Go of 2 Go)
K: CD-ROM drive (Free 0 Go of 45 Go)
L: CD-ROM drive (Not Inserted)
M: CD-ROM drive (Free 0 Go of 37 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.2015-01-27 - 18:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2013-08-22 - 04:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2015-02-19 - 20:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-02-22 - 04:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.2013-12-21 - 03:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2014-05-29 - 22:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2014-03-06 - 04:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2014-07-24 - 06:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.2013-08-22 - 06:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-11-27 - 07:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2014-04-30 - 01:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-07-24 - 10:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2013-08-22 - 06:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2013-08-22 - 14:12:11.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2014-06-18 - 21:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/141
~ Mes musiques (My Musics) : 1/66
~ Mes Favoris (My Favorites) : 1/601
~ Mes Documents (My Documents) : 1/185
~ Mon Bureau (My Desktop) : 0/63
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.CCCE51A85D1BA455FC789EFF3A9CF97B] - (.Mortal Universe - POP Peeper Email Notifier.) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824] [PID.3164]
[MD5.92E43EA3A3C609B05DA197480DB6F310] - (.Logitech Inc. - Logitech LCD Movie Viewer.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe [1039640] [PID.1584]
[MD5.08C582FD6A937F19B91EAB4F3069C049] - (.Logitech Inc. - Logitech LCD Video Player for YouTube™.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe [1246488] [PID.3768]
[MD5.660EB4CC7B64EB8E7C8CE357B5245E30] - (.Logitech Inc. - Logitech G-series Media Display.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe [664344] [PID.3400]
[MD5.E182E495103C9A9BD00A1F00CEC69418] - (.Logitech Inc. - Logitech LCD Webcam Viewer.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe [703256] [PID.3884]
[MD5.9673736471643D5E6D75BB8319589720] - (.TechSmith Corporation - Snagit.) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe [9479536] [PID.5496]
[MD5.8FFDB89A0FB7C8ABC3A8825E38047341] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136] [PID.5548]
[MD5.0A1810F3CF866F67856C8A4E98194493] - (.TechSmith Corporation - TechSmith HTML Help Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe [46080] [PID.5580]
[MD5.E4C53CE8409DCFF708C790A0AC76398D] - (...) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [264040] [PID.5588]
[MD5.85F9466A6A73693858A5D34CD8EED744] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Stone\AppData\Roaming\Dropbox\bin\Dropbox.exe [42560368] [PID.5728]
[MD5.812C5A0ABB4A254CD4EBA9D03B0CDB6E] - (.TechSmith Corporation - Snagit RPC Helper.) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe [105328] [PID.5768]
[MD5.237A9108BCC77ECCAAB8FCC295E8B243] - (.TechSmith Corporation - Snagit Editor.) -- C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe [8915312] [PID.5892]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5944]
[MD5.11AFC7376D2B6CB381A00D3C194BD235] - (...) -- E:\PROGRAMS FILES\MAGELLAN CONTENT MANAGER\CmTray.exe [7375360] [PID.5240]
[MD5.7EE68A122ED08E4AAD8DA551E34D2515] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDTray.exe [4101576] [PID.5692]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.5260]
[MD5.F217EF2EA31D8F73504B1CD2F9787D9D] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288] [PID.1636]
[MD5.8DF7F2A9B72B7CA4294BB9E59FEAEFCD] - (.Microsoft Corporation - Hôte Microsoft WWA.) -- C:\windows\syswow64\wwahost.exe [514560] [PID.6680]
[MD5.EFB2614E9142FA4427CE82EE6DC0CA7B] - (.Kaspersky Lab ZAO - Kaspersky Security Scan.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080] [PID.3160]
[MD5.45D0ECEAB8E010873D641DB2C91A4EC5] - (.Estmob Inc. - Send Anywhere Desktop.) -- E:\PROGRAMS FILES\SEND ANYWHERE\Send Anywhere\sendanywhere.exe [3435256] [PID.1964]
[MD5.099247EFDB20293AC72C6F532A239FED] - (...) -- E:\PROGRAMS FILES\HALF LIFE 2\Half-Life 2 3in1\hl2.exe [103760] [PID.4872]
[MD5.06CC578BC150D9AAAE20672130A36CB9] - (.Nicolas Coolman - ZHPDiag.) -- E:\PROGRAMS FILES\ZHPDIAG\ZHPDiag\ZHPDiag.exe [8190976] [PID.2156]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Stone\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Stone\AppData\Roaming\Mozilla\Firefox\Profiles\pptadab9.default\prefs.js
M2 - MFEP: prefs.js [Stone - pptadab9.default\{76239af6-9293-43ed-aa86-4d871453c7c9}] [] Start Page v2.7 (..)
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pourtesfesses.com
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15518)
~ Hosts File: Scanned in 00mn 04s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: PC Scan & Repair by Reimage.lnk . (.Reimage® - Reimage Downloader.) -- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe =>Rogue.ReimageRepair
O4 - GS\Desktop [Public]: Poursuivre l'installation de Reimage Repair.lnk . (.Reimage® - Reimage Downloader.) -- C:\Users\Stone\Downloads\ReimageRepair.exe =>Rogue.ReimageRepair
O4 - GS\Desktop [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\QuickLaunch [Stone]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
~ Global Startup: 5 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [BeatsOSDApp] . (.Hewlett-Packard - HP Beats.) -- C:\Program Files\IDT\WDM\beats64.exe
O4 - HKLM\..\Run: [SimplePass] . (.Hewlett-Packard - HP SimplePass Application.) -- C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
O4 - HKLM\..\Run: [OPBHOBroker] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe =>.Logitech Inc
O4 - HKCU\..\Run: [POP Peeper] . (.Mortal Universe - POP Peeper Email Notifier.) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- E:\PROGRAMS FILES\SUPER ANTISPYWARE\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\PROGRAMS FILES\DAEMON TOOLS LITE\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Stone\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [CmTray] . (...) -- E:\PROGRAMS FILES\MAGELLAN CONTENT MANAGER\launchCM.exe
O4 - HKCU\..\Run: [KSS] . (.Kaspersky Lab ZAO - Kaspersky Security Scan.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O4 - HKCU\..\Run: [SendAnywhere] . (.Estmob Inc. - Send Anywhere Desktop.) -- E:\PROGRAMS FILES\SEND ANYWHERE\Send Anywhere\sendanywhere.exe
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- E:\PROGRAMS FILES\QUICK TIME\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- E:\PROGRAMS FILES\POWER DIRECTOR 8\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [WebcamMaxunstall] Clé orpheline
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [POP Peeper] . (.Mortal Universe - POP Peeper Email Notifier.) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- E:\PROGRAMS FILES\SUPER ANTISPYWARE\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\PROGRAMS FILES\DAEMON TOOLS LITE\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Stone\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [CmTray] . (...) -- E:\PROGRAMS FILES\MAGELLAN CONTENT MANAGER\launchCM.exe
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [KSS] . (.Kaspersky Lab ZAO - Kaspersky Security Scan.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O4 - HKUS\S-1-5-21-89832294-4165435018-180274893-1001\..\Run: [SendAnywhere] . (.Estmob Inc. - Send Anywhere Desktop.) -- E:\PROGRAMS FILES\SEND ANYWHERE\Send Anywhere\sendanywhere.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Add to &VideoGet [64Bits] - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} . (...) -- C:\Program Files\Nuclear Coffee\VideoGet\VideoGet.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D300B8C-DEBC-4ACD-9868-96D93123710C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A480FA5-DC8D-4CC5-8D6C-83CF3D228B40}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{536C4978-2867-4AE1-8994-41AA93ED789D}: DhcpDomain = sgt.automation.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{8D300B8C-DEBC-4ACD-9868-96D93123710C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9A480FA5-DC8D-4CC5-8D6C-83CF3D228B40}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{536C4978-2867-4AE1-8994-41AA93ED789D}: DhcpDomain = sgt.automation.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage® - Reimage Real Time Protection.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 25 Legitimates Filtered in 00mn 06s



---\\ Tâches planifiées en automatique (O39)
[MD5.39D266BD7B5BA17BD4C1FEA9DDB7D144] [APT] [Reimage Reminder] (.Reimage ltd..) -- C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [4431712] =>Rogue.ReimageRepair
[MD5.AEB53D4C5A3E079621BAE45C12C0EDA7] [APT] [ReimageUpdater] (.Reimage®.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024] =>Rogue.ReimageRepair
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 02s



---\\ Logiciels installés (O42)
O42 - Logiciel: Content Manager - (.Magellan.) [HKLM][64Bits] -- {B64BC516-2406-43AE-A21A-1E387A2343B1}
O42 - Logiciel: KMSpico v9.1.3 - (...) [HKLM][64Bits] -- KMSpico_is1 =>PUA.KMSpico
O42 - Logiciel: MotoGP 13 - (...) [HKLM][64Bits] -- MotoGP 13_is1
O42 - Logiciel: NBA 2K15 - (...) [HKLM][64Bits] -- TkJBMksxNQ==_is1
O42 - Logiciel: Nuclear Coffee - VideoGet - (.Nuclear Coffee.) [HKLM][64Bits] -- VideoGet_is1
O42 - Logiciel: Pinger - (.Pinger Inc..) [HKLM][64Bits] -- Pinger 1.1.1.2
O42 - Logiciel: Pinger - (.Pinger Inc..) [HKLM][64Bits] -- {9B56B031-A6C0-4BB7-8F61-938548C1B759}
O42 - Logiciel: Red Light Center 3D Client - (.Utherverse Digital Inc.) [HKLM][64Bits] -- Red Light Center 3D Client
O42 - Logiciel: Reimage Protector - (.Reimage.) [HKLM][64Bits] -- Reimage Protector =>Rogue.ReimageRepair
O42 - Logiciel: Reimage Repair - (.Reimage.) [HKLM][64Bits] -- Reimage Repair =>Rogue.ReimageRepair
O42 - Logiciel: Send Anywhere - (.Estmob Inc..) [HKLM][64Bits] -- {4C09F722-410A-481D-A488-D56FBE34334F}_is1
~ Logic: 35 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\CC]
[HKCU\Software\Drivers]
[HKCU\Software\Estmob]
[HKCU\Software\Nuclear Coffee]
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\System32]
[HKCU\Software\Win]
[HKLM\Software\0012C5CB-3192-475B-B0A8-5F323C30CEDE] =>PUP.CrossRider
[HKLM\Software\Nuclear Coffee]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Nuclear Coffee]
[HKLM\Software\Wow6432Node\Pinger Inc.]
[HKLM\Software\Wow6432Node\id]
~ Key Software: 477 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2014-12-06 - 17:15:50 - [] ----D C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE
O43 - CFD: 2013-12-09 - 23:07:27 - [] ----D C:\Program Files (x86)\Pinger
O43 - CFD: 2015-03-30 - 02:37:26 - [] ----D C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair
O43 - CFD: 2014-12-02 - 17:59:09 - [0] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 2014-12-02 - 17:59:09 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 2014-12-02 - 17:59:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico
O43 - CFD: 2014-08-24 - 23:13:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
O43 - CFD: 2014-10-24 - 18:55:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 2014-06-12 - 13:28:51 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 2014-07-27 - 22:09:50 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
O43 - CFD: 2015-03-30 - 11:29:09 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair
O43 - CFD: 2014-07-12 - 19:44:04 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 2015-03-30 - 13:17:35 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Send Anywhere
O43 - CFD: 2013-08-22 - 15:12:21 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2014-06-13 - 20:16:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoGet
O43 - CFD: 2014-06-13 - 20:16:43 - [] ----D C:\Users\Stone\AppData\Roaming\Nuclear Coffee
O43 - CFD: 2014-11-30 - 12:14:21 - [] -SH-D C:\Users\Stone\AppData\Local\EmieBrowserModeList
O43 - CFD: 2015-03-30 - 13:18:40 - [] ----D C:\Users\Stone\AppData\Local\Estmob
O43 - CFD: 2014-06-12 - 13:29:08 - [0] ----D C:\Users\Stone\AppData\Local\PackageStaging
O43 - CFD: 2014-08-04 - 00:46:32 - [] ----D C:\Users\Stone\AppData\Local\Sniper3
O43 - CFD: 2014-07-27 - 22:13:07 - [] ----D C:\Users\Stone\AppData\Local\storage
O43 - CFD: 2014-10-17 - 21:08:42 - [] ----D C:\Users\Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 2014-08-13 - 22:45:11 - [] ----D C:\Users\Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Light Center 3D Client
~ Program Folder: 304 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BDE6152B584ABDA7DA102B363E58354F] - 2015-03-15 - 21:24:22 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [396419]
O44 - LFC:[MD5.6C96F42E78FD9F00D128A4AD93E4DE8E] - 2015-03-20 - 00:27:07 ---A- . (...) -- C:\Windows\DirectX.log [35066]
O44 - LFC:[MD5.531121E7ED50084B493A69F8F8A7A927] - 2015-03-29 - 16:05:22 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [37624]
O44 - LFC:[MD5.D08BD7942F16C847CCDA5C32D7BE9EB2] - 2015-03-29 - 16:43:57 ---A- . (...) -- C:\TDSSKiller.3.0.0.44_29.03.2015_17.43.07_log.txt [244158]
O44 - LFC:[MD5.F1DC40D08C716705C34CD399CA19B1B1] - 2015-03-29 - 16:47:33 ---A- . (...) -- C:\TDSSKiller.3.0.0.44_29.03.2015_17.46.28_log.txt [1620216]
O44 - LFC:[MD5.5A94A5D41D7205B9206CECB38E603D50] - 2015-03-30 - 10:38:54 ---A- . (...) -- C:\Windows\Reimage.ini [165] =>Rogue.ReimageRepair
~ Files: 107 Legitimates Filtered in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\08801573.sys . (...) -- C:\Windows\System32\Drivers\08801573.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\08801573.sys . (...) -- C:\Windows\System32\Drivers\08801573.sys (.not file.)
~ CSB: 19 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{2ece08bf-f26d-11e3-8252-806e6f6e6963}\AutoRun\command. (.Electronic Arts Inc. - Electronic Arts AutoRun.) -- J:\Autorun.exe
O51 - MPSK:{bcc294d3-0c69-11e4-826f-54271e6b7c08}\AutoRun\command. (.Pas de propriétaire - MotoGP 13.) -- G:\setup.exe
O51 - MPSK:{bcc294f6-0c69-11e4-826f-54271e6b7c08}\AutoRun\command. (.CODEX - InstallWizard.) -- K:\setup.exe
O51 - MPSK:{d1425955-0e2f-11e4-8272-806e6f6e6963}\AutoRun\command. (.Pas de propriétaire - NBA 2K15 (c) 2K Setup.) -- M:\setup.exe
~ Keys: Scanned in 00mn 02s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
~ TDSD: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:2014-07-12 - 10:30:01 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:2014-07-12 - 10:30:01 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:2014-07-12 - 10:30:01 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:2013-08-12 - 18:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:2012-05-29 - 13:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:2014-07-17 - 15:10:25 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:2013-08-22 - 07:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:2014-01-05 - 06:42:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:2015-03-29 - 16:05:22 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [37624]
~ Drivers: 70 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4BBABC3A-26FD-440F-AB7B-E2C7E020D1CF} [DefaultScope] - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {CF3B6C54-4BCC-4120-A85A-40D041547D5E} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {E3CAC4AD-AEA9-4765-B721-FFEAD821BA10} - (Amazon (Canada) Search Suggestions) - http://www.amazon.ca
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][2014-10-19] (...) -- C:\Users\Stone\AppData\Roaming\inst.exe [99384]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{BEBEE77A-49CE-45BB-8602-3CE499A48348}" | In - Private - P6 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
O87 - FAEL: "{2C464D8B-C4DF-4CD7-A677-BD67E25E0F4F}" | In - Private - P17 - TRUE | .(.Azureus Software, Inc - Vuze Launcher.) -- C:\Program Files\Vuze\Azureus.exe =>P2P.Azureus
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 2013-11-13 2251992 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SS - | Demand 2014-06-14 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 2014-07-11 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2014-07-11 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2014-06-06 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2013-05-13 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 2013-05-11 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 2015-03-21 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 2013-08-22 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2014-08-12 172344 | (!SASCORE) . (.SUPERAntiSpyware.com.) - E:\PROGRAMS FILES\SUPER ANTISPYWARE\SASCORE64.exe
SR - | Auto 2010-03-18 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 2014-07-12 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2014-04-24 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR - | Auto 2013-11-04 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 2013-08-22 37768 | C:\Users\Stone\AppData\Local\Temp\7zS791E\hpslpsvc64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 2014-05-21 49464 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SR - | Auto 2013-05-11 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 2013-08-12 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 2013-08-12 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2014-06-15 202080 | (KSS) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
SR - | Auto 2013-08-12 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013-08-29 920864 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 2013-09-05 87552 | (omniserv) . (.Softex Inc..) - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
SR - | Auto 1658-07-22 0 | (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe
SR - | Auto 1658-07-22 0 | (PnkBstrB) . (...) - C:\windows\system32\PnkBstrB.exe
SR - | Auto 2015-01-14 7410024 | (ReimageRealTimeProtector) . (.Reimage®.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair
SR - | Auto 2013-08-19 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 2012-08-08 390672 | (RichVideo64) . (...) - C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
SR - | Auto 2014-06-24 1738168 | (SDScannerService) . (.Safer-Networking Ltd..) - E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 2014-06-27 2088408 | (SDUpdateService) . (.Safer-Networking Ltd..) - E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 2014-04-25 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - E:\PROGRAMS FILES\SPYBOT & DESTROY\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 2014-01-05 340480 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 1658-07-22 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 1658-07-22 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 05s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:2014-07-17 - 15:10:25 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (2015-03-29)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5

[HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector] =>Rogue.ReimageRepair^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUA.KMSpico^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector] =>Rogue.ReimageRepair^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair] =>Rogue.ReimageRepair^
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair^
C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe =>Rogue.ReimageRepair^
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair^
[HKLM\Software\0012C5CB-3192-475B-B0A8-5F323C30CEDE] =>PUP.CrossRider^
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 333873 Items scanned in 00mn 13s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair
http://nicolascoolman.fr/pup-kmspico =>PUA.KMSpico
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
~ MSI: 4 link(s) detected in 00mn 00s



~ 1024 Legitimates filtered by white list
End of the scan (552 lines in 00mn 51s)(0.10)
