
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Admin (22/04/2015 00:42:48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17296
MFIE: Mozilla Firefox 38.0 (Defaut)
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.1.0.7
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.3

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : T389C
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Kaspersky Internet Security v15.0.2.361
Malwarebytes Anti-Malware version 2.0.4.1028
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.08

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 32640 MB (90% free)
System Restore: Activé (Enable)
System drive C: has 16 GB (13%) free of 112 GB

---\\ Mode de connexion au système
~ Computer Name: FIXE
~ User Name: Admin
~ All Users Names: UpdatusUser, HomeGroupUser$, Administrateur, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Admin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Admin\AppData\Roaming\
~ %Desktop% : C:\Users\Admin\Desktop\
~ %Favorites% : C:\Users\Admin\Favorites\
~ %LocalAppData% : C:\Users\Admin\AppData\Local\
~ %StartMenu% : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 16 Go of 112 Go)
D: Hard drive, Flash drive, Thumb drive (Free 24 Go of 72 Go)
E: Hard drive, Flash drive, Thumb drive (Free 23 Go of 122 Go)
F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 122 Go)
G: Hard drive, Flash drive, Thumb drive (Free 16 Go of 100 Go)
H: Hard drive, Flash drive, Thumb drive (Free 49 Go of 122 Go)
I: Hard drive, Flash drive, Thumb drive (Free 0 Go of 122 Go)
J: Hard drive, Flash drive, Thumb drive (Free 80 Go of 122 Go)
K: Hard drive, Flash drive, Thumb drive (Free 0 Go of 234 Go)
L: Hard drive, Flash drive, Thumb drive (Free 208 Go of 232 Go)
M: Hard drive, Flash drive, Thumb drive (Free 143 Go of 150 Go)
N: CD-ROM drive (Not Inserted)
O: Floppy drive, Flash card reader, USB Key (Free 0 Go of 1 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.11306EED81A8F0A48AFBB3960FFAD07E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/03/2015 - 06:28:47.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/11
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/516
~ Mon Bureau (My Desktop) : 1/1024
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.92762E6197539C579D1FCD1614DBD47A] - (.Steganos Software GmbH - Steganos Trace Destructor Browser Monitor.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe [57344] [PID.4292]
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.3432]
[MD5.54C7A2002D6E88DA4F8125EC609C9329] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3298712] [PID.4416]
[MD5.E9E5DADB85F756F83B61816AE0287EEA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe [192160] [PID.4812]
[MD5.3810F327C49C96A5D2299A6DA8F018E7] - (.PureVPN - PureVPN.) -- C:\Program Files (x86)\PureVPN\purevpn.exe [2553984] [PID.3500]
[MD5.D38E57E6FF593B43D7BE013348A32CE6] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.5216]
[MD5.D3F0452392C45081D8866A92C86D1C7C] - (.Flexera Software, Inc. - FLEXnet Connect Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976] [PID.5268]
[MD5.6E605C54E750D978D0FCA05CF97FED4E] - (.Nuance Communications, Inc. - PdfCreate7Hook.exe.) -- C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe [606496] [PID.5316]
[MD5.E058087AFC466456BE5DE91CCA0A760F] - (.Corsair Components, Inc. - CorsairLINK Hardware Monitor.) -- C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe [238960] [PID.5360]
[MD5.F83CA1C55F985DB1F8B432CB75BD4725] - (.Pas de propriétaire - BCLK MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [1985848] [PID.5384]
[MD5.F11A4BF801F9BFE2938B713B751C3998] - (.ASUSTeK Computer Inc. - ASUS WiFi GO! Server.) -- C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [967480] [PID.5392]
[MD5.CDE0ED9057DE78DB2A8D3678F3FC09E7] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1216656] [PID.5420]
[MD5.1A8E315039857E0706CB0E958C122838] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1406776] [PID.5436]
[MD5.C316AFAE719B1C1CE1B903673BC6A641] - (...) -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe [77824] [PID.5516]
[MD5.4D5D968FE6AE6BF94A807F73F7FF6B3D] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168] [PID.5796]
[MD5.229922C9FE865E952A5C101B29F33D8A] - (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe [942656] [PID.5824]
[MD5.26443C4332B966C44481D1DE8D1BCBB4] - (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272] [PID.6036]
[MD5.98556881C1F1703FDDD05470ABA15DD0] - (.ASUSTeK Computer Inc. - WiFil GO! File Transfer.) -- C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416] [PID.6052]
[MD5.03B0344B641C8115388C782D21415674] - (.Steganos Software GmbH - Steganos Hot Key Service.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe [84480] [PID.6104]
[MD5.66D7BCE8822B3DF3A84D10241DDB7DC4] - (.Steganos Software GmbH - File Redirection Starter.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe [17408] [PID.6128]
[MD5.490F9A7948EF661DF32A9F0DC8534284] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.5128]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [263600] [PID.5680]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.6252]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.6412]
[MD5.76798A69DC48DD594C364CF75C75CF2D] - (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe [1220408] [PID.1896]
[MD5.EDD4F85DC4E85B1412D923663859538C] - (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r52.) -- H:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe [5143504] [PID.5368]
[MD5.726334512A539233FC3726F068F3A375] - (.ASUSTeK Computer Inc. - ASUS DLNA Player.) -- C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AsDLNAServerReal.exe [671544] [PID.7020]
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.4380]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.7844]
[MD5.F82B2FC221CA0E408874884787491667] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410952] [PID.868]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1720]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1904]
[MD5.E536856E96A7605EBF580D62A868E5FE] - (...) -- C:\Windows\SysWOW64\ASGT.exe [55296] [PID.1968]
[MD5.03BAC13465BEFA17BFD26DE8EA79301D] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945664] [PID.2068]
[MD5.5C31DFB196CB3A488A041881634D86D2] - (...) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880] [PID.2108]
[MD5.3BCE35761CD54396BEFDE490C39E7EEF] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.25\AsusFanControlService.exe [1643008] [PID.2132]
[MD5.CF467DE3D15EFB58C4DB780DF234EB34] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400] [PID.2184]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.2436]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.2684]
[MD5.6300EAFB41913A3ED5C49C97AA3AA65D] - (.CrypKey (Canada) Ltd. - CrypKey NT Service.) -- C:\Windows\system32\crypserv.exe [122880] [PID.2864]
[MD5.064D13A0AEDC66FDD4C5AAF0D3A5BE36] - (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880] [PID.3004]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.3000]
[MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [185632] [PID.2328]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [186760] [PID.2512]
[MD5.CC907C2FB839D3F92690A25FF8E463BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4972864] [PID.2804]
[MD5.D40DE5D85ACB6591C69B8D4DFAA538BF] - (.Ai Squared - Helps ZoomText to perform operations necess.) -- C:\Program Files (x86)\ZoomText 10\ZoomTextHelperService.exe [17024] [PID.3088]
[MD5.19E0B5B6202CE85796EA6C0EBB7334DF] - (.Wacom Technology - Wacom Load Agent.) -- C:\Program Files\Tablet\Wacom\WacomHost.exe [39808] [PID.5288]
[MD5.D9A9FFC89F61CAD4AD9EF31FBB17E634] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [171632] [PID.7864]
[MD5.D5854F77CEEAFC5A8405F8ECCBEC09DF] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344] [PID.8984]
[MD5.B7C53DA1C73FF39F4A6248643EFD979A] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1266464] [PID.9108]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2iajtbkb.default\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2iajtbkb.default\user.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fcqrhehr.default\prefs.js (.not file.)
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jk56smn8.default\prefs.js (.not file.)
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tn6p1l5v.default\prefs.js
M3 - MFPP: Plugins - [Admin] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2iajtbkb.default\searchplugins\qwant-beta.xml
M3 - MFPP: Plugins - [Admin] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2iajtbkb.default\searchplugins\seek.xml
M2 - MFEP: RegExtension {72CA2996-F580-47DF-98FF-0B853D09CEC8} . (...) --
M0 - MFSP: prefs.js [Admin - 2iajtbkb.default] http://psycho.univ-lyon2.fr
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\CLEO@guid.customsoftwareconsult.com] [] CLEO v6.0 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\https-everywhere@eff.org] [] HTTPS-Everywhere v5.0.2 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\mozilla_cc@internetdownloadmanager.com] [] IDM CC v7.3.99 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\toggleprivatebrowsing@supernova00.biz] [] Toggle Private Browsing v1.8 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\{20291fcc-1471-46c8-8213-5911f5ce6d67}] [] Site Launcher v2.8.1 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}] [] Nightly Tester Tools v3.7 (..)
M2 - MFEP: prefs.js [Admin - 2iajtbkb.default\{de1b245c-de57-11da-ba2d-0050c2490048}] [] MinimizeToTray Plus v1.0.8 (..)
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
M2 - MFEP: Extension [Admin - 2iajtbkb.default] {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
M2 - MFEP: Extension [Admin - fcqrhehr.default] {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
M2 - MFEP: Extension [Admin - jk56smn8.default] {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
M2 - MFEP: Extension [Admin - tn6p1l5v.default] {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
~ Firefox Browser: 68 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (64)
~ Hosts File: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [SSS12 Browser Monitor] . (.Steganos Software GmbH - Steganos Trace Destructor Browser Monitor.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ISUSPM] . (.Flexera Software, Inc. - FLEXnet Connect Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\isuspm.exe
O4 - HKLM\..\Wow6432Node\Run: [PDFHook] . (.Nuance Communications, Inc. - PdfCreate7Hook.exe.) -- C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe
O4 - HKLM\..\Wow6432Node\Run: [PDF7 Registry Controller] . (.Nuance Communications, Inc. - REGISTRYCONTROLLER.EXE.) -- C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote64.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS AiChargerPlus Execute] . (.ASUSTek Computer Inc. - AiChargerPlus Application.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS WiFi GO! FileTransfer Execute] . (.ASUSTeK Computer Inc. - WiFil GO! File Transfer.) -- C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
O4 - HKLM\..\Wow6432Node\Run: [SSS12 HotKeys] . (.Steganos Software GmbH - Steganos Hot Key Service.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe
O4 - HKLM\..\Wow6432Node\Run: [SSS12 File Redirection Starter] . (.Steganos Software GmbH - File Redirection Starter.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\fredirstarter.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SpeechExec Startup] . (.Philips Austria GmbH - Speech Processing - Pas de description.) -- C:\Program Files (x86)\Common Files\Philips Speech Shared\Components\PSP.Speechexec.StartupApp.exe
O4 - HKLM\..\Wow6432Node\Run: [Psp6164a] Psp6164a.exe
O4 - HKLM\..\Wow6432Node\Run: [PspUsbCf] pspusbcf.exe
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [DNS7reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe
O4 - HKLM\..\Wow6432Node\Run: [wcmdmgr] . (.WildTangent, Inc. - wcmdmgrl.) -- C:\Windows\wt\updater\wcmdmgrl.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-890562486-3117395037-1300803535-1000\..\Run: [SSS12 Browser Monitor] . (.Steganos Software GmbH - Steganos Trace Destructor Browser Monitor.) -- C:\Program Files (x86)\Steganos Privacy Suite 12\SteganosBrowserMonitor.exe
O4 - HKUS\S-1-5-21-890562486-3117395037-1300803535-1000\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKUS\S-1-5-21-890562486-3117395037-1300803535-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel [64Bits] - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kbrd.ico
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{95D28892-5B36-4FB5-92B2-9DAAE49EDAD8}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{95D28892-5B36-4FB5-92B2-9DAAE49EDAD8}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{95D28892-5B36-4FB5-92B2-9DAAE49EDAD8}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASGT (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) . (.Soluto - Soluto Launcher Service.) - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) . (.Soluto - Soluto.) - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: ZoomText Helper Service (ZoomText Helper Service) . (.Ai Squared - Helps ZoomText to perform operations necess.) - C:\Program Files (x86)\ZoomText 10\ZoomTextHelperService.exe
~ Services: 28 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{487A8ECC-7F59-4A6D-A822-87048494AC7F}] (...) -- L:\Program Files (x86)\Far Cry 4\GDFInstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9328F7D-1E02-4164-882F-58889960847D}] (...) -- E:\DRIVERS SE7EN x64\Imprimante\Brother\mflpro_c2\Data\Disk1\setup.exe (.not file.) [0]
[MD5.CDE0ED9057DE78DB2A8D3678F3FC09E7] [APT] [ASUS DIPAwayMode] (...) -- C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1216656]
[MD5.F83CA1C55F985DB1F8B432CB75BD4725] [APT] [RC TweakIt Server Execute] (...) -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [1985848]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job [540]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\NatSpeak Periodic Acoustic Optimization [540]
O39 - APT: - (..) -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job [550]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\NatSpeak Periodic Language Model Optimization [550]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: AlphaPlugins RedEyes - (...) [HKLM][64Bits] -- AlphaPlugins RedEyes for Adobe Photoshop_is1
O42 - Logiciel: IconLover - (...) [HKLM][64Bits] -- IconLover
O42 - Logiciel: InFlac 1.1.1 - (.Michael Facquet.) [HKLM][64Bits] -- InFlac
O42 - Logiciel: K-Jöfol 2000 - (...) [HKLM][64Bits] -- K-Jöfol 2000
O42 - Logiciel: PureVPN - (.PureVPN.) [HKLM][64Bits] -- PureVPN_is1
O42 - Logiciel: R4 - (...) [HKLM][64Bits] -- R4
O42 - Logiciel: Sonique - (...) [HKLM][64Bits] -- Sonique15
O42 - Logiciel: Sonique2 - (...) [HKLM][64Bits] -- Sonique2
O42 - Logiciel: Speak Aloud 2.0 - (.Guangming Software, Inc..) [HKLM][64Bits] -- Speak Aloud_is1
O42 - Logiciel: ZoomText 10 - (.Ai Squared.) [HKLM][64Bits] -- {F7BFAC00-DCB3-46E3-AF56-48A779E54899}
O42 - Logiciel: infovox4 - (.Acapela Group.) [HKLM][64Bits] -- infovox4
~ Logic: 36 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Fadeamp]
[HKCU\Software\Michael Facquet]
[HKCU\Software\Plate]
[HKLM\Software\Bird]
[HKLM\Software\Wow6432Node\Ai Squared]
~ Key Software: 467 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 04/07/2014 - 00:51:22 - [] ----D C:\Program Files (x86)\IconLover
O43 - CFD: 10/02/2015 - 15:22:43 - [] ----D C:\Program Files (x86)\Kjofol
O43 - CFD: 09/03/2015 - 03:43:49 - [] ----D C:\Program Files (x86)\PureVPN
O43 - CFD: 10/12/2013 - 17:21:04 - [] ----D C:\Program Files (x86)\R4
O43 - CFD: 16/02/2015 - 01:03:30 - [] ----D C:\Program Files (x86)\Sonique
O43 - CFD: 23/09/2014 - 02:04:19 - [] ----D C:\Program Files (x86)\Speak Aloud
O43 - CFD: 01/02/2014 - 00:28:16 - [] ----D C:\Program Files (x86)\Ultra Mobile 3GP Video Converter
O43 - CFD: 04/12/2013 - 07:14:47 - [] ----D C:\Program Files (x86)\ViaVoiceTTS
O43 - CFD: 04/12/2013 - 07:14:48 - [] ----D C:\Program Files (x86)\VW
O43 - CFD: 22/04/2015 - 00:39:41 - [] ----D C:\ProgramData\purevpn
O43 - CFD: 22/11/2014 - 22:40:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTTRACK
O43 - CFD: 04/07/2014 - 00:49:42 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconLover
O43 - CFD: 10/02/2015 - 15:22:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Jöfol
O43 - CFD: 09/03/2015 - 03:43:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
O43 - CFD: 10/12/2013 - 17:21:04 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R4
O43 - CFD: 23/09/2014 - 02:00:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speak Aloud
O43 - CFD: 10/09/2014 - 01:06:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeechExec
O43 - CFD: 01/02/2014 - 00:27:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Mobile 3GP Video Converter
O43 - CFD: 04/12/2013 - 07:16:04 - [] ----D C:\Users\Admin\AppData\Roaming\Ai Squared
O43 - CFD: 01/10/2014 - 01:36:32 - [] ----D C:\Users\Admin\AppData\Roaming\MOBILedit
O43 - CFD: 07/10/2014 - 23:28:10 - [] ----D C:\Users\Admin\AppData\Roaming\MOBILeditForensic
O43 - CFD: 04/12/2013 - 07:16:07 - [] ----D C:\Users\Admin\AppData\Local\Ai Squared
O43 - CFD: 09/03/2015 - 03:43:32 - [] ----D C:\Users\Admin\AppData\Local\purevpn
~ Program Folder: 315 Legitimates Filtered in 00mn 00s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.0F188021C49A15BC264553C1E2D71DEC] - 08/04/2015 - 18:52:00 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [4336074]
O44 - LFC:[MD5.B45B99B2940DEC2E830B22298D959E13] - 09/04/2015 - 01:58:18 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [29329]
O44 - LFC:[MD5.A0C4A5B2C994C0594231131B8712AE46] - 09/04/2015 - 03:43:02 ---A- . (...) -- C:\Windows\Brpfx04a.ini [335]
O44 - LFC:[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - 15/04/2015 - 18:00:27 ---A- . (...) -- C:\Windows\System32\AcpiServiceVnA64.dll [109848]
O44 - LFC:[MD5.8113D6E1884940FC3F9DED886B364A1E] - 15/04/2015 - 18:00:27 ---A- . (...) -- C:\Windows\System32\audioLibVc.dll [96568]
O44 - LFC:[MD5.DA880167EFE3EFF9853585865F6EDC27] - 15/04/2015 - 18:00:32 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [1954478]
O44 - LFC:[MD5.2A1881E000ECA7370A52113BE367B55A] - 21/04/2015 - 22:55:10 ---A- . (...) -- C:\Windows\ntbtlog.txt [988584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/04/2015 - 23:06:52 ---A- . (...) -- C:\Windows\Path.idx [0]
O44 - LFC:[MD5.C1BA692748FFF5C1610D01035FE75026] - 21/04/2015 - 23:39:17 ---A- . (...) -- C:\Windows\error.log [1116]
O44 - LFC:[MD5.6C1A691277C6BE37B08EFDF2079D5BAF] - 21/04/2015 - 23:39:57 ---A- . (...) -- C:\Windows\PE_Rom.dll [1048576]
~ Files: 162 Legitimates Filtered in 00mn 27s



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{0dc15899-5bb2-11e3-965d-806e6f6e6963}\AutoRun\command. (...) -- N:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of StartupReg registry keys (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\I4Launcher [Key] . (.Acapela Group sa - I4Launch.) -- C:\Program Files (x86)\Acapela Group\infovox4\I4Launcher.exe
O53 - SMSR:HKLM\...\startupreg\SoniqueQuickStart [Key] . (...) -- C:\Program Files (x86)\Sonique\sqstart.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:25/11/2014 - 16:57:18 ---A- . (.Ai Squared - ZoomText 10 Kernel Sidekick (64).) -- C:\Windows\System32\Drivers\Ai2Chroniker.sys [14016]
O58 - SDL:25/11/2014 - 16:57:18 ---A- . (.Ai Squared - ZoomText 10 Kernel Driver (64).) -- C:\Windows\System32\Drivers\Ai2Mmpd.sys [12992]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/08/2014 - 19:15:50 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [14136]
O58 - SDL:28/03/2011 - 18:46:40 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [146568]
O58 - SDL:19/04/2013 - 04:56:48 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [15648]
O58 - SDL:15/06/2011 - 09:30:46 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [93240]
O58 - SDL:21/11/2012 - 21:44:00 ---A- . (.Silicon Laboratories - SiLib WDM Support Driver.) -- C:\Windows\System32\Drivers\SiLib.sys [24576]
O58 - SDL:21/11/2012 - 21:44:00 ---A- . (.Silicon Laboratories - SiUSBXp.sys.) -- C:\Windows\System32\Drivers\SiUSBXp.sys [19456]
O58 - SDL:14/11/2013 - 14:26:30 ---A- . (.Soluto LTD. - Soluto PCGenome Core Driver.) -- C:\Windows\System32\Drivers\Soluto.sys [54728]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:17/12/2014 - 15:49:08 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:29/01/2015 - 00:54:34 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [37624]
O58 - SDL:25/11/2014 - 16:57:18 ---A- . (.Ai Squared - ZoomText 10 Kernel Driver (64).) -- C:\Windows\System32\Ai2V.sys [18624]
O58 - SDL:17/05/2007 - 23:01:30 ---A- . (...) -- C:\Windows\System32\Ckldrv.sys [27904]
O58 - SDL:22/10/2014 - 11:14:51 ---A- . (.Ai Squared - ZoomText 10 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\Ai2sXP.sys [12928]
O58 - SDL:08/01/2013 - 14:17:28 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:08/01/2013 - 14:17:28 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:04/06/2013 - 10:41:00 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:14/09/2012 - 03:06:23 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 123 Legitimates Filtered in 00mn 01s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 25/11/2014 - C:\Windows\System32\DRIVERS\Ai2Chroniker.sys (Ai2Chroniker) .(.Ai Squared - ZoomText 10 Kernel Sidekick (64).) - LEGACY_AI2CHRONIKER
O64 - Services: CurCS - 16/12/1745 - C:\Windows\TEMP\cpuz136\cpuz136_x64.sys (cpuz136) .(...) - LEGACY_CPUZ136
O64 - Services: CurCS - 16/12/1745 - C:\Windows\system32\drivers\IOMap64.sys (IOMap) .(...) - LEGACY_IOMAP
O64 - Services: CurCS - 10/11/2014 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power [fre_wnet_amd64].) - LEGACY_KNEPS
O64 - Services: CurCS - 14/11/2013 - C:\Windows\System32\DRIVERS\Soluto.sys (Soluto) .(.Soluto LTD. - Soluto PCGenome Core Driver.) - LEGACY_SOLUTO
O64 - Services: CurCS - 16/12/1745 - C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys (WinRing0_1_2_0) .(...) - LEGACY_WINRING0_1_2_0
~ Legacy: 97 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in the internet browsers (SBI) (O69)
O69 - SBI: prefs.js [Admin - 2iajtbkb.default] user_pref("interclue.preferences", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Security.sites\":{\"surfcanyon.com\":[...]
O69 - SBI: prefs.js [Admin - 2iajtbkb.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {F806DADF-2F7B-42ED-BD3D-07ADF297AA1C} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Special search at the system root (SPRF) (O84)
[MD5.0641A46F1E58529A42EAD4573A3A0861] [SPRF][09/12/2013] (...) -- C:\ProgramData\B874414FCD.sys [8]
[MD5.455A75788576A6E2B6057C6E108EE2B0] [SPRF][03/04/2015] (...) -- C:\ProgramData\KGyGaAvL.sys [3868]
[MD5.4375A28A45D3673E397F0F3525286CEB] [SPRF][27/03/2015] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.95F27CFC527208F0F6CA7F4B855F57DF] [SPRF][21/04/2015] (...) -- C:\Users\Admin\AppData\Roaming\config_data.dat [21]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 20/07/2009 160784 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
SS - | Demand 15/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 17/12/2014 32568 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/04/2015 836288 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 04/06/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 17/01/2012 55296 | (ASGT) . (...) - C:\Windows\SysWOW64\ASGT.exe
SR - | Auto 13/06/2013 945664 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
SR - | Auto 21/10/2010 586880 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
SR - | Auto 13/06/2013 1643008 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.25\AsusFanControlService.exe
SR - | Auto 23/12/2014 193400 | (AVP15.0.2) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
SR - | Auto 21/01/2013 1006384 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 23/05/2007 122880 | (Crypkey License) . (.CrypKey (Canada) Ltd..) - C:\Windows\System32\crypserv.exe
SR - | Auto 16/01/2015 243880 | (FoxitCloudUpdateService) . (.Foxit Software Inc..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 03/01/2013 183200 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Auto 10/04/2015 2823496 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 08/04/2015 936264 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 18/12/2014 186760 | (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
SR - | Auto 14/11/2013 182848 | (SolutoLauncherService) . (.Soluto.) - C:\Program Files\Soluto\SolutoLauncherService.exe
SR - | Demand 14/11/2013 1942016 | (SolutoRemoteService) . (.GlavSoft LLC..) - C:\Program Files\Soluto\SolutoRemoteService.exe
SR - | Auto 14/11/2013 856128 | (SolutoService) . (.Soluto.) - C:\Program Files\Soluto\SolutoService.exe
SR - | Auto 22/07/1658 0 | (Steganos Volatile Disk) . (.Softwareentwicklung Remus - ArchiCrypt.) - C:\Windows\system32\STGRAMDiskHandler64.exe
SR - | Auto 08/04/2015 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 01/02/2010 6159656 | (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Windows\system32\Wacom_Tablet.exe
SR - | Auto 02/04/2014 4972864 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/08/2014 648472 | (WTabletServicePro) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/10/2014 17024 | (ZoomText Helper Service) . (.Ai Squared.) - C:\Program Files (x86)\ZoomText 10\ZoomTextHelperService.exe
~ Services: Scanned in 00mn 06s
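The items a practitioner wants to pull out of a report like this are the O55 UAC policy values that are weaker than a hardened baseline (here "PromptOnSecureDesktop"=0, which moves elevation prompts off the secure desktop where other processes cannot interact with them), the autorun, scheduled-task and MountPoints2 entries whose target is reported as "(.not file.)" (orphaned launch points pointing at removed media), and the O64/EGS entries whose timestamp (22/07/1658, 16/12/1745) cannot be a genuine file date and so mark a file whose metadata could not be read. The triage script below is an added example written for this page; it is not part of ZHPDiag or of the report, and the line formats it parses are inferred only from the report lines shown above. The baseline values in UAC_BASELINE are the editor's assumption of standard hardening guidance (FilterAdministratorToken=1 is stricter than the Windows default of 0; EnableUIADesktopToggle=0 is the default), the 1980 cut-off for plausible file dates is likewise an assumption, and SAMPLE_REPORT is a constructed excerpt copied from the lines above.

```python
"""Triage helper for ZHPDiag-style report lines (added example, not ZHPDiag code)."""
import re
from datetime import date

# Hardened target values for the UAC policy values ZHPDiag lists under O55.
# Assumption: standard hardening-baseline values, not anything the report itself states.
UAC_BASELINE = {
    "EnableLUA": 1,                    # UAC master switch
    "ConsentPromptBehaviorAdmin": 2,   # admins: prompt for consent on the secure desktop
    "PromptOnSecureDesktop": 1,        # elevation prompts isolated on the secure desktop
    "FilterAdministratorToken": 1,     # built-in Administrator also gets a filtered token
    "EnableUIADesktopToggle": 0,       # UIAccess apps may not bypass the secure desktop
}

# Assumption: no genuine Windows driver or service binary predates 1980.
EARLIEST_PLAUSIBLE = date(1980, 1, 1)

# Line shapes inferred from the report above (O55, "(.not file.)", O64, SR/SS lines).
POLICY_RE = re.compile(r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>-?\d+)\s*$')
ORPHAN_RE = re.compile(r" -- (?P<path>.+?) \(\.not file\.\)")
LEGACY_RE = re.compile(r"^O64 - Services: \w+ - (?P<date>\d{2}/\d{2}/\d{4}) - (?P<path>.+?) \([^()]+\) \.\(")
SERVICE_RE = re.compile(
    r"^S[RS] - \| \w+ (?P<date>\d{2}/\d{2}/\d{4}) (?P<size>\d+) \| .* - (?P<path>[A-Za-z]:\\.+?)(?: =>\..*)?$"
)

# Constructed excerpt: lines copied from the report above, used as offline sample input.
SAMPLE_REPORT = r"""
[MD5.00000000000000000000000000000000] [APT] [{487A8ECC-7F59-4A6D-A822-87048494AC7F}] (...) -- L:\Program Files (x86)\Far Cry 4\GDFInstall.exe (.not file.) [0]
O51 - MPSK:{0dc15899-5bb2-11e3-965d-806e6f6e6963}\AutoRun\command. (...) -- N:\setup.exe (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O64 - Services: CurCS - 16/12/1745 - C:\Windows\TEMP\cpuz136\cpuz136_x64.sys (cpuz136) .(...) - LEGACY_CPUZ136
O64 - Services: CurCS - 14/11/2013 - C:\Windows\System32\DRIVERS\Soluto.sys (Soluto) .(.Soluto LTD. - Soluto PCGenome Core Driver.) - LEGACY_SOLUTO
SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 23/12/2014 193400 | (AVP15.0.2) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
"""


def parse_ddmmyyyy(text):
    """Parse the report's dd/mm/yyyy timestamps into a date object."""
    day, month, year = (int(part) for part in text.split("/"))
    return date(year, month, day)


def weak_uac_policies(lines):
    """Return (name, actual, expected) for each O55 value that differs from the baseline."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if not m or m["name"] not in UAC_BASELINE:
            continue
        actual, expected = int(m["value"]), UAC_BASELINE[m["name"]]
        if actual != expected:
            findings.append((m["name"], actual, expected))
    return findings


def orphaned_entries(lines):
    """Return the target paths of launch points whose file is reported as missing."""
    return [m["path"] for m in map(ORPHAN_RE.search, lines) if m]


def implausible_timestamps(lines):
    """Return (path, date_text) for O64/SR/SS entries whose timestamp cannot be a real build date."""
    findings = []
    for line in lines:
        m = LEGACY_RE.match(line) or SERVICE_RE.match(line)
        if m and parse_ddmmyyyy(m["date"]) < EARLIEST_PLAUSIBLE:
            findings.append((m["path"], m["date"]))
    return findings


def triage(report_text):
    """Run all three checks over a report and group the findings by category."""
    lines = report_text.splitlines()
    return {
        "weak_uac": weak_uac_policies(lines),
        "orphaned": orphaned_entries(lines),
        "bad_timestamps": implausible_timestamps(lines),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run against the sample, the script reports the two weakened UAC values (PromptOnSecureDesktop and FilterAdministratorToken; EnableUIADesktopToggle=0 already matches the baseline), the two orphaned launch points on drives L: and N:, and the three entries with 1658/1745 timestamps. Orphaned entries are clean-up candidates rather than infections, but an AutoRun\command pointing at a removable drive is exactly the kind of launch point worth removing so a later disk with that volume ID cannot reuse it.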



---\\ Additional scan (O88)
Database Version : 13008 - (20/04/2015)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 0

~ Additional Scan: 328051 Items scanned in 00mn 14s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



~ 1314 Legitimates filtered by white list
End of the scan (594 lines in 01mn 38s)(0.10)
