~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Lancé par Laurent (11/06/2015 21:02:34)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 63 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3991 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 189 GB (79%) free of 238 GB

---\\ Mode de connexion au système
~ Computer Name: LAURENT-PC
~ User Name: Laurent
~ All Users Names: Laurent, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Laurent\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Laurent\AppData\Roaming\
~ %Desktop% : C:\Users\Laurent\Desktop\
~ %Favorites% : C:\Users\Laurent\Favorites\
~ %LocalAppData% : C:\Users\Laurent\AppData\Local\
~ %StartMenu% : C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 189 Go of 238 Go)
E: Hard drive, Flash drive, Thumb drive (Free 30 Go of 224 Go)
F: Hard drive, Flash drive, Thumb drive (Free 145 Go of 293 Go)
G: Hard drive, Flash drive, Thumb drive (Free 715 Go of 1570 Go)
H: Hard drive, Flash drive, Thumb drive (Free 281 Go of 1570 Go)
J: CD-ROM drive (Not Inserted)
K: Hard drive, Flash drive, Thumb drive (Free 154 Go of 293 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/1067
~ Mon Bureau (My Desktop) : 1/609
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.968EDA6EA6E00DFAE78586BFA6322B74] - (.VIA Technologies, Inc. - usbmonitor.) -- C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe [331776] [PID.2408]
[MD5.F19BB9A114A0F85E6E8C4395322E7191] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.2780]
[MD5.30D8547AE84A235C53426497D6F80E7C] - (.Creative Technology Ltd - CTXfiHlp MFC Application.) -- C:\Windows\SysWOW64\Ctxfihlp.exe [24576] [PID.2932]
[MD5.C316AFAE719B1C1CE1B903673BC6A641] - (...) -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe [77824] [PID.2988]
[MD5.C3F3FB14E3987ED545EDC2CA315DD8D6] - (.Razer USA Ltd. - razerhid MFC Application.) -- C:\Program Files (x86)\n52te\razerhid.exe [163840] [PID.1992]
[MD5.175596062987D2AD073C0C30C2CC37AB] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe [393216] [PID.2244]
[MD5.2E8DAE04FDC0B3B92BC271FB7B3E6A5D] - (.Micro-Star INT'L CO., LTD. - Live Update 6 Application.) -- C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3454632] [PID.2676]
[MD5.075D7872E7AAD06350A4D687C4237C83] - (.MSI - Super Charger.) -- C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024] [PID.3032]
[MD5.89350F1A4BA6B264A6E81A8B44F6C90B] - (.Pas de propriétaire - razertra MFC Application.) -- C:\Program Files (x86)\n52te\razertra.exe [110592] [PID.3308]
[MD5.7663448A86E4D85ACB9549787273D74F] - (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptr.exe [67344] [PID.3708]
[MD5.B6F7C29ACBD3660A6E61180B2D062DE1] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe [1327104] [PID.3768]
[MD5.7C0770247610524831957BF8D841CDAC] - (...) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe [821600] [PID.3784]
[MD5.54FEE207354C708BB2BBAD49E647A04A] - (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptr_im.exe [45840] [PID.5028]
[MD5.E36900591919DB01DF2B963C4CE384E3] - (.Creative Technology Ltd - SPI (Creative X-Fi Module).) -- C:\Windows\SysWOW64\CTXFISPI.exe [1271808] [PID.4320]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.3412]
[MD5.5CE3D0E1D1B3832EE052CFC442EEE0FA] - (.Creative Technology Ltd - Creative Audio Service.) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720] [PID.1236]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.1964]
[MD5.5C8BC8A28798FD010E7ABC4E0D588CAA] - (.Nero AG - NService Application.) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368] [PID.1980]
[MD5.516E29AD03BDF610CC36A95AE692FE42] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160] [PID.2140]
[MD5.2B983F067AEE3F9EB4DF5E97F45D21D1] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120] [PID.2432]
[MD5.3269323591C8B104C7F77159F7E5ED56] - (.Micro-Star INT'L CO., LTD. - MSI Live Update Service.) -- C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736872] [PID.2568]
[MD5.F88CCB54F2B917F03DBFC27E93463035] - (.MSI - Super Charger Service.) -- C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280] [PID.2664]
[MD5.446462BBA744DA60379574926FD51EAB] - (.Pas de propriétaire - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912] [PID.2716]
[MD5.E98CED53B8E912D19D9F229B0D299F30] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464] [PID.3180]
[MD5.08C42E275557776BE1367B3DE616D0E3] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896] [PID.5660]
[MD5.CA295D3E5032DDF8A3CBD1A256E646FA] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496] [PID.5716]
[MD5.ED5C8B920F2ACF11A26586B2FA66BF3D] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [409376] [PID.5344]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Laurent - n2g5rhbh.default\abs@avira.com] [] Segurança do navegador Avira v1.4.9 (..)
M2 - MFEP: Extension [Laurent - n2g5rhbh.default] abs@avira.com
M2 - MFEP: Extension [Laurent - n2g5rhbh.default] {b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [VIAxHCUtl] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
O4 - HKLM\..\Run: [MBCfg64] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\MBCfg64.dll
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe =>.Logitech Inc
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdReg] . (.Creative Technology Ltd. - Creative UpdReg.) -- C:\Windows\UpdReg.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Raptr] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe
O4 - HKLM\..\Wow6432Node\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
O4 - HKLM\..\Wow6432Node\Run: [Jomantha] . (.Razer USA Ltd. - razerhid MFC Application.) -- C:\Program Files (x86)\n52te\razerhid.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Live Update] . (.Micro-Star INT'L CO., LTD. - Live Update 6 Application.) -- C:\Program Files (x86)\MSI\Live Update\Live Update.exe
O4 - HKLM\..\Wow6432Node\Run: [Super Charger] . (.MSI - Super Charger.) -- C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Skype for Business Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office 15\root\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{383F0A92-1CBB-4964-BD36-20FB793E75B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{76FBB315-9602-4DD8-8436-CE46CEDF9C38}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{383F0A92-1CBB-4964-BD36-20FB793E75B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{76FBB315-9602-4DD8-8436-CE46CEDF9C38}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{383F0A92-1CBB-4964-BD36-20FB793E75B5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{76FBB315-9602-4DD8-8436-CE46CEDF9C38}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Killer Service V2 (Killer Service V2) . (.Rivet Networks - Killer Network Service.) - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
~ Services: 17 Legitimates Filtered in 00mn 07s



---\\ Tâches planifiées en automatique (O39)
[MD5.EC62720A72C1ACD6AB638C0D7D10F431] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368]
[MD5.EC62720A72C1ACD6AB638C0D7D10F431] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368]
[MD5.2A5C656B0A364580E578B26EAE2EE889] [APT] [klcp_update] (...) -- C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1173504]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
~ Scheduled Task: 7 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (BfLwf) . (.Rivet Networks, LLC. - Killer Bandwidth Control Filter Driver.) - C:\Windows\System32\DRIVERS\bflwfx64.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Killer E220x Drivers - (.Rivet Networks.) [HKLM][64Bits] -- {5CF9FE6F-7EBC-4391-8547-C8F9D83890B4}
O42 - Logiciel: Killer Network Manager - (.Rivet Networks.) [HKLM][64Bits] -- {E1635028-06FE-4E4D-B471-A28B429C837C}
O42 - Logiciel: Minion - (.ZAM Network LLC.) [HKCU][64Bits] -- {Minion}}_is1
O42 - Logiciel: Ori and the Blind Forest - (...) [HKLM][64Bits] -- Ori and the Blind Forest_is1
O42 - Logiciel: Timed Shutdown - (.Tinnes Software.) [HKLM][64Bits] -- Timed Shutdown_is1
~ Logic: 31 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Killer]
[HKLM\Software\Wow6432Node\Wow6432Note]
[HKLM\Software\Wow6432Node\Zenimax_Online]
~ Key Software: 318 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2015 - 22:43:22 - [] ----D C:\Program Files (x86)\SafeIP
O43 - CFD: 10/04/2015 - 14:00:16 - [] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 11/06/2015 - 18:05:49 - [] ----D C:\ProgramData\Killer
O43 - CFD: 11/06/2015 - 18:03:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
O43 - CFD: 18/05/2015 - 19:55:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ori and the Blind Forest
O43 - CFD: 12/04/2011 - 11:27:56 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 21/12/2014 - 23:46:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Timed Shutdown
O43 - CFD: 23/03/2015 - 00:13:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XXCLONE
O43 - CFD: 21/12/2014 - 15:23:41 - [] ----D C:\Users\Laurent\AppData\Roaming\library_dir
O43 - CFD: 21/12/2014 - 19:22:52 - [] ----D C:\Users\Laurent\AppData\Roaming\rmi
O43 - CFD: 11/06/2015 - 18:33:16 - [0] -SH-D C:\Users\Laurent\AppData\Local\EmieBrowserModeList
O43 - CFD: 19/04/2015 - 16:56:24 - [] ----D C:\Users\Laurent\AppData\Local\Minion
O43 - CFD: 18/05/2015 - 21:49:56 - [] ----D C:\Users\Laurent\AppData\Local\Ori and the Blind Forest
O43 - CFD: 19/04/2015 - 16:56:29 - [] ----D C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZAM Network LLC
~ Program Folder: 247 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5374B2917238387B27CE17C56BA69E59] - 01/06/2015 - 22:13:32 ---A- . (.SteelSeries ApS - SteelSeries Device Factory Driver.) -- C:\Windows\System32\Drivers\ssdevfactory.sys [32792]
O44 - LFC:[MD5.79D5E84AE99A05E707F2CD4308238AE6] - 01/06/2015 - 22:13:32 ---A- . (.SteelSeries ApS - SteelSeries HID Driver.) -- C:\Windows\System32\Drivers\sshid.sys [43616]
O44 - LFC:[MD5.30FB27DDE4A2A92A459369B1AF974940] - 01/06/2015 - 22:13:32 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [8704]
O44 - LFC:[MD5.1C077E50D2E6AB87A7ED48E4A6834763] - 10/06/2015 - 18:47:51 ---A- . (...) -- C:\Windows\DPINST.LOG [51354]
O44 - LFC:[MD5.7839F72821DD28BB7A50E557B0B9CA76] - 10/06/2015 - 18:49:49 ---A- . (...) -- C:\IFRToolLog.txt [1947]
O44 - LFC:[MD5.5772BCDC01DAD5DA962576581AF66B2A] - 10/06/2015 - 21:32:42 ---A- . (...) -- C:\Windows\LDPINST.LOG [22764]
O44 - LFC:[MD5.AD760D102C63628BA796C786AFEF47E7] - 11/06/2015 - 18:18:57 ---A- . (...) -- C:\RHDSetup.log [2309]
O44 - LFC:[MD5.3A9470185B1139774D071DD6D0B905F5] - 11/06/2015 - 18:48:21 ---A- . (...) -- C:\Windows\LkmdfCoInst.log [2763]
O44 - LFC:[MD5.CBF18FA277DF434D9D0468557F119812] - 11/06/2015 - 18:59:45 ---A- . (...) -- C:\Windows\ntbtlog.txt [526746]
~ Files: 91 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{a0bd6664-c5a5-11e4-b2a2-d8cb8a179111}\AutoRun\command. (...) -- L:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{a98007dd-8dbe-11e4-a33a-806e6f6e6963}\AutoRun\command. (...) -- K:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{bfa04aee-891c-11e4-90f2-d8cb8a179111}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
O51 - MPSK:{ff948191-8da5-11e4-a21f-d8cb8a179111}\AutoRun\command. (...) -- L:\HTC_Sync_Manager_PC.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 12 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:29/01/2015 - 14:56:36 ---A- . (.Rivet Networks, LLC. - Killer Bandwidth Control Filter Driver.) -- C:\Windows\System32\Drivers\bflwfx64.sys [100400]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/05/2013 - 12:13:12 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [59976]
O58 - SDL:10/05/2013 - 12:21:38 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [48200]
O58 - SDL:10/05/2013 - 12:16:22 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [18504]
O58 - SDL:10/05/2013 - 12:24:48 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [189000]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:01/06/2015 - 22:13:32 ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [8704]
O58 - SDL:17/10/2013 - 15:27:02 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:29/09/2007 - 01:04:58 ---A- . (...) -- C:\Windows\System32\Drivers\JmtFltr.sys [46464]
O58 - SDL:21/12/2014 - 15:21:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:01/06/2015 - 22:13:32 ---A- . (.SteelSeries ApS - SteelSeries Device Factory Driver.) -- C:\Windows\System32\Drivers\ssdevfactory.sys [32792]
O58 - SDL:01/06/2015 - 22:13:32 ---A- . (.SteelSeries ApS - SteelSeries HID Driver.) -- C:\Windows\System32\Drivers\sshid.sys [43616]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:29/09/2007 - 01:21:58 ---A- . (.Windows (R) Codename Longhorn DDK provider - Virtual Hid Device.) -- C:\Windows\System32\Drivers\vhidmini.sys [13952]
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 29/01/2015 - C:\Windows\System32\DRIVERS\bflwfx64.sys (BfLwf) .(.Rivet Networks, LLC. - Killer Bandwidth Control Filter Driver.) - LEGACY_BFLWF
~ Legacy: 90 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SS - | Demand 22/12/2014 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
SS - | Demand 31/01/2014 887232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 09/04/2014 174368 | (iumsvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
SS - | Demand 10/06/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/06/2015 24576 | (SetupARService) . (.Realtek Semiconductor..) - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 08/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 12/02/2010 286720 | (CTAudSvcService) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
SR - | Auto 27/06/2014 87368 | (HTCMonitorService) . (.Nero AG.) - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
SR - | Auto 10/11/2014 132896 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 10/11/2014 158496 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 05/02/2015 386560 | (Killer Service V2) . (.Rivet Networks.) - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
SR - | Auto 10/11/2014 409376 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/04/2015 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 14/04/2015 1080120 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 08/06/2015 1736872 | (MSI_LiveUpdate_Service) . (.Micro-Star INT'L CO., LTD..) - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
SR - | Auto 18/05/2015 163280 | (MSI_SuperCharger) . (.MSI.) - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
SR - | Auto 17/10/2013 166912 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 30/03/2015 5448464 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:21/12/2014 - 15:21:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 263851 Items scanned in 00mn 11s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



~ 964 Legitimates filtered by white list
End of the scan (438 lines in 00mn 38s)(0.8)