Document format: text/plain

~ Rapport de ZHPDiag v2015.5.8.47 - Nicolas Coolman (05/05/2015)
~ Lancé par CHEN (09/05/2015 15:52:00)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
MFIE: Mozilla Firefox 37.0.2 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : 6XWXT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Avast Free Antivirus v10.2.2218
Malwarebytes Anti-Malware version 2.1.6.1022
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v5.05

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 302 GB (67%) free of 446 GB

---\\ Mode de connexion au système
~ Computer Name: CHEN-VAIO
~ User Name: CHEN
~ All Users Names: HomeGroupUser$, CHEN, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\CHEN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\CHEN\AppData\Roaming\
~ %Desktop% : C:\Users\CHEN\Desktop\
~ %Favorites% : C:\Users\CHEN\Favorites\
~ %LocalAppData% : C:\Users\CHEN\AppData\Local\
~ %StartMenu% : C:\Users\CHEN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 302 Go of 446 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1637
~ Mes musiques (My Musics) : 1/135
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/19540
~ Mon Bureau (My Desktop) : 1/34
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 37s



---\\ Processus lancés
[MD5.44A9229022A519ED45294A1934C05EEC] - (.Flux Software LLC - f.lux.) -- C:\Users\CHEN\AppData\Local\FluxSoftware\Flux\flux.exe [1017224] [PID.2152]
[MD5.3F03AC51CE406AE04902BF239EE4F8F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\CHEN\AppData\Roaming\Dropbox\bin\Dropbox.exe [43374104] [PID.2424]
[MD5.7515EC02E1F288107C95D5C195381235] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088] [PID.2868]
[MD5.4AD491D49890D794BFA77AAB935046C5] - (.Sony Corporation - Pas de description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552] [PID.2880]
[MD5.31EA4BC4328BDBC50CD5CA4870F09E06] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496] [PID.2908]
[MD5.4D5D968FE6AE6BF94A807F73F7FF6B3D] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168] [PID.3032]
[MD5.61BA8BD94B0BCD2A138446FB49A441A3] - (...) -- C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [415608] [PID.2684]
[MD5.8790F03F7F652FCE43E39AA6B641CEA8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232] [PID.3132]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.3148]
[MD5.490F9A7948EF661DF32A9F0DC8534284] - (.Brother Industries, Ltd. - Brother Status Monitor (Local).) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe [221184] [PID.3352]
[MD5.7E212E742BF06BF678AE35E9C1B74B8F] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6212920] [PID.3724]
[MD5.4738DC864215B00B886E27A8D18CC326] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.3844]
[MD5.74A921A3820CA3139D0D30F453FDEB58] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [936272] [PID.5800]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.6984]
[MD5.54236E79A44F909612391C8A2D70D512] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1452]
[MD5.C711ED965009BDCFF9AA62CEB6FF1AAD] - (.brother Industries Ltd - brsvc01a.) -- C:\Windows\SysWOW64\brsvc01a.exe [57344] [PID.1900]
[MD5.9B01D42D72FD0526360C174F34C52255] - (.brother Industries Ltd - brss01a.exe.) -- C:\Windows\SysWOW64\brss01a.exe [45056] [PID.1952]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1708]
[MD5.05981C3E51D827ED6B8101A54B05E392] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1014096] [PID.2688]
[MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.3252]
[MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.3712]
[MD5.D2A6E9DBC3247613568D86DAC599DB52] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [278696] [PID.2436]
[MD5.203FD19D70549A2939E1AE3A36608151] - (.Sony Corporation - VAIO Control Center (Service Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe [65464] [PID.4088]
[MD5.905CEB6F1B4B536B9A74E7207B3C4321] - (.Sony Corporation - VAIO Control Center (Service Sub Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe [182200] [PID.1740]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.4316]
[MD5.41D8F56E6BBE0111244D87BE2FA90374] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1104208] [PID.4384]
[MD5.BBFAF63BF768047FE2441B4139E803E3] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1304912] [PID.5548]
[MD5.83FF82FE209E7997067B375DAD6CF23D] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.5140]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.6896]
[MD5.57739E742ABC085C2A4340D4404B4A8B] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544] [PID.6480]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.2700]
[MD5.6DC3A4E939B0F3EE16B54C5EC431D8C1] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4996]
[MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [687400] [PID.3024]
~ Processes Running: Scanned in 00mn 12s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\CHEN\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [CHEN - yzuurqdg.default-1429095417764] firegestures@xuldev.org.xpi
M2 - MFEP: Extension [CHEN - yzuurqdg.default-1429095417764] {dc572301-7619-498c-a57d-39143191b318}.xpi
M2 - MFEP: Extension [CHEN - yzuurqdg.default-1429095417764] {e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.5] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.6] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.7] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.0] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.1] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.2] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.1.4] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
~ Firefox Browser: 37 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15517)
~ Hosts File: Scanned in 00mn 07s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: iToolsBHO [64Bits] - {E1499FE7-129D-4B6E-B681-DDF21E14172C} . (.iTools.hk - Pas de description.) -- C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\CHEN\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CHEN\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - Pas de description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [Dolby Home Theater v4] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2449715427-2145583385-3119360781-1000\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\CHEN\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKUS\S-1-5-21-2449715427-2145583385-3119360781-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\CHEN\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: N&Capture for NVivo [64Bits] - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} . (.QSR International - Capture for NVivo.) -- C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bankofchina.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.boc.cn
O15 - Trusted Zone: [HKCU\...\Domains\www] http.cfca.com.cn
~ IE Zone Confiance: Scanned in 00mn 03s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{21737826-EA25-4ECA-AC40-5D1BF8E92EF2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{22E14517-7A59-4028-8523-F726688A8757}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA2C8B8-CAAE-4C13-907E-387C469551A5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE3C2ED4-B61A-4AAD-86D2-2CB3F7577F62}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50704C3-9A25-4F5C-A24B-D88AC3CD65A9}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{21737826-EA25-4ECA-AC40-5D1BF8E92EF2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{22E14517-7A59-4028-8523-F726688A8757}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{ACA2C8B8-CAAE-4C13-907E-387C469551A5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE3C2ED4-B61A-4AAD-86D2-2CB3F7577F62}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E50704C3-9A25-4F5C-A24B-D88AC3CD65A9}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{21737826-EA25-4ECA-AC40-5D1BF8E92EF2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{22E14517-7A59-4028-8523-F726688A8757}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{ACA2C8B8-CAAE-4C13-907E-387C469551A5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE3C2ED4-B61A-4AAD-86D2-2CB3F7577F62}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E50704C3-9A25-4F5C-A24B-D88AC3CD65A9}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.61BA8BD94B0BCD2A138446FB49A441A3] [APT] [iToolsDaemon] (...) -- C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [415608]
[MD5.00000000000000000000000000000000] [APT] [{1FA9A99A-56E1-4ED2-A0CF-33FDC7B38F01}] (...) -- C:\Users\CHEN\Downloads\RiceVideoSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{22D61E9B-E724-4C6C-93EE-BED13F4868CD}] (...) -- C:\Users\CHEN\Downloads\N64\RiceVideoSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{75C1AF1D-74B5-47B7-83E2-F0BE341AB8F1}] (...) -- F:\VAIO WIN7\INTEL SATA\INDSNR-00266170-0042.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{90382C85-C196-411F-9022-3D8DCA20798F}] (...) -- F:\VAIO WIN7\MEMORY CARD SLOT\RIDFMC-00266126-0042.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E32B65D8-2C3D-4106-B191-77263BC43834}] (...) -- F:\VAIO WIN7\MEMORY CARD SLOT\RIDFMC-00255902-0042.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449715427-2145583385-3119360781-1000Core [1022]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449715427-2145583385-3119360781-1000UA [1074]
O39 - APT: iToolsDaemon - (...) -- C:\Windows\Tasks\iToolsDaemon.job [316]
O39 - APT: iToolsDaemon - (...) -- C:\Windows\System32\Tasks\iToolsDaemon [316]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: BOCNET USBKey Management(FTSafe) - (.Feitian Technologies Co., Ltd..) [HKLM][64Bits] -- InterPass3000-4b91-90CB-F11ED46DE178_BOC1.0.14.0424
O42 - Logiciel: SecEditCtl.BOC (only remove) - (.CFCA.) [HKLM][64Bits] -- SecEditCtl.BOC01000009
O42 - Logiciel: npCryptoKit.BOC.x86 (only remove) - (.CFCA.) [HKLM][64Bits] -- npCryptoKit.BOC.x863004005
~ Logic: 26 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Good.iWare]
[HKCU\Software\La Medicale]
[HKCU\Software\Mudlord]
[HKCU\Software\Popcorn Time]
[HKCU\Software\RootGenius_shuame]
[HKCU\Software\U64Emu]
[HKCU\Software\WandouLabs]
[HKCU\Software\XinYi Network]
[HKCU\Software\funkyf@ctory Development]
[HKLM\Software\QSR]
[HKLM\Software\Wow6432Node\CFCA]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\FTSafe]
[HKLM\Software\Wow6432Node\XinYi Network]
~ Key Software: 370 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/02/2015 - 10:47:52 - [] ----D C:\Program Files (x86)\CFCA
O43 - CFD: 15/02/2015 - 10:48:16 - [] ----D C:\Program Files (x86)\FTSafe
O43 - CFD: 01/04/2015 - 18:20:43 - [0] ----D C:\Program Files (x86)\MyDrive Connect
O43 - CFD: 07/04/2015 - 21:58:24 - [] ----D C:\Program Files (x86)\QSR
O43 - CFD: 08/05/2015 - 17:07:59 - [] ----D C:\Program Files (x86)\ThinkSky
O43 - CFD: 15/04/2015 - 13:32:04 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 07/04/2015 - 22:00:24 - [] ----D C:\ProgramData\QSR
O43 - CFD: 04/10/2014 - 18:23:21 - [] ----D C:\ProgramData\Shuame
O43 - CFD: 16/09/2014 - 21:55:39 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 09/12/2013 - 08:57:39 - [] --H-D C:\ProgramData\~1
O43 - CFD: 15/02/2015 - 10:48:23 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOCNET USBKey Management Suite
O43 - CFD: 07/04/2015 - 22:00:32 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QSR
O43 - CFD: 12/04/2011 - 11:27:52 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 03/09/2014 - 21:37:01 - [] ----D C:\Users\CHEN\AppData\Roaming\AdbDriverInstaller
O43 - CFD: 19/02/2015 - 15:09:39 - [] ----D C:\Users\CHEN\AppData\Roaming\library_dir
O43 - CFD: 09/11/2014 - 12:31:33 - [] ----D C:\Users\CHEN\AppData\Roaming\mgyun
O43 - CFD: 22/09/2014 - 21:15:29 - [] ----D C:\Users\CHEN\AppData\Roaming\Shuame
O43 - CFD: 07/11/2014 - 22:22:26 - [] ----D C:\Users\CHEN\AppData\Roaming\TaobaoProtect
O43 - CFD: 15/12/2014 - 18:25:02 - [] ----D C:\Users\CHEN\AppData\Roaming\ThinkSky
O43 - CFD: 04/10/2014 - 15:12:25 - [] ----D C:\Users\CHEN\AppData\Roaming\Wandoujia2
O43 - CFD: 12/07/2014 - 21:21:58 - [] ----D C:\Users\CHEN\AppData\Roaming\WandoujiaUsbDriver
O43 - CFD: 17/11/2014 - 15:10:14 - [] -SH-D C:\Users\CHEN\AppData\Local\EmieBrowserModeList
O43 - CFD: 18/11/2014 - 19:04:55 - [] ----D C:\Users\CHEN\AppData\Local\pangu
O43 - CFD: 29/05/2013 - 16:37:22 - [] ----D C:\Users\CHEN\AppData\Local\SelfExtractible
O43 - CFD: 29/06/2014 - 10:23:14 - [] ----D C:\Users\CHEN\AppData\Local\Wandoujia2
O43 - CFD: 15/02/2015 - 10:47:53 - [] ----D C:\Users\CHEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CFCA
~ Program Folder: 298 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B5B4C90E9F52DA8586F1E5461AD90A5D] - 03/05/2015 - 20:31:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29168]
~ Files: 20 Legitimates Filtered in 00mn 36s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{3580a58d-336e-11e4-81f7-685d43b8529e}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{5f77d867-6a43-11e4-affd-685d43b8529e}\AutoRun\command. (...) -- F:\LG_PC_Programs.exe (.not file.)
O51 - MPSK:{6dfce4e8-c641-11e2-8c4b-685d43b8529e}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{72bc7d8c-f632-11e3-8f19-685d43b8529e}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)
O51 - MPSK:{949e6302-c86b-11e2-a834-685d43b8529e}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)
O51 - MPSK:{99f66778-f691-11e3-bce0-685d43b8529e}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)
O51 - MPSK:{a07202ee-b4ee-11e4-9aa6-685d43b8529e}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\iFunBox Fast App Install Handler [Key] . (.i-Funbox.com - File & App Manager for iPhone/iPad.) -- C:\Program Files (x86)\i-Funbox DevTeam\ifunbox_x64.exe
O53 - SMSR:HKLM\...\startupreg\InterPass3000_BOC [Key] . (.Feitian Technologies Co., Ltd. - certreg MFC Application.) -- C:\Program Files (x86)\FTSafe\BOCNET USBKey Management Suite\BOCUsertool.exe
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:29/07/2013 - 04:01:24 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapt.) -- C:\Windows\System32\Drivers\AmpPal.sys [164832]
O58 - SDL:03/05/2015 - 20:31:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29168] =>.ALWIL Software
O58 - SDL:03/05/2015 - 20:31:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65736] =>.ALWIL Software
O58 - SDL:03/05/2015 - 20:31:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [272248] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [60968]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [48168]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [18472]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [192040]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:01/06/2011 - 20:22:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [73216]
O58 - SDL:25/05/2011 - 17:23:00 ---A- . (.REDC - RICOH PCIe SDXC/MMC Controller Driver.) -- C:\Windows\System32\Drivers\risdxc64.sys [101888]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:05/11/2014 - 14:16:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0).) -- C:\Windows\System32\Drivers\tap0901.sys [27136]
O58 - SDL:28/07/2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 109 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 03/05/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 103 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\CHEN\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4949CE88-4765-401F-81D6-7056A0098176} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider
~ BCK: 5874 Legitimates Filtered in 00mn 14s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 04/02/2015 280680 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 24/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 19/11/2014 268192 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 05/02/2014 772064 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 03/05/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/12/2011 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 19/12/2011 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 19/12/2011 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/06/2004 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\SysWOW64\brsvc01a.exe
SR - | Auto 12/09/2012 135984 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 03/09/2014 1243344 | (CAMService) . (.Intel® Corporation.) - C:\Program Files\Intel\CAM\bin\CAMService.exe
SR - | Auto 19/11/2014 638368 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 21/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/08/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 06/04/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 27/08/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 27/08/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/04/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 19/11/2014 157088 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 23/02/2012 65464 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Auto 10/01/2012 535688 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/11/2014 3820960 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 17s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (05/05/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2

C:\Users\CHEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm =>PUP.iGraal
C:\Users\CHEN\Downloads\Software =>Adware.Boxore
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider^
~ Additionnel Scan: 350981 Items scanned in 00mn 47s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.iGraal
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
~ MSI: 4 link(s) detected in 00mn 00s



~ 1046 Legitimates filtered by white list
End of the scan (542 lines in 03mn 55s)(0.10)
