Document format: text/plain

~ Rapport de ZHPDiag v2015.5.8.47 - Nicolas Coolman (05/05/2015)
~ Lancé par devje (25/12/2015 17:55:35)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.20.10586.0 (Defaut)
GCIE: Google Chrome v47.0.2526.106

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 8HVX7
Windows License : OK
~ Windows Remaining Initializations Number : 1001
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 10 Home, 64-bit (Build 10586)

---\\ Logiciels de protection du système
Avast Internet Security v11.1.2245
Emsisoft Anti-Malware
Malwarebytes Anti-Malware version 2.2.0.1024

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 20 PPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6076 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 494 GB (72%) free of 677 GB

---\\ Mode de connexion au système
~ Computer Name: DEVJEA
~ User Name: devje
~ All Users Names: HomeGroupUser$, devje, DefaultAccount, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\devje\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\devje\AppData\Roaming\
~ %Desktop% : C:\Users\devje\Desktop\
~ %Favorites% : C:\Users\devje\Favorites\
~ %LocalAppData% : C:\Users\devje\AppData\Local\
~ %StartMenu% : C:\Users\devje\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 494 Go of 677 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 20 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 1236 Go of 1863 Go)
I: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
J: Hard drive, Flash drive, Thumb drive (Free 197 Go of 932 Go)
M: Hard drive, Flash drive, Thumb drive (Free 403 Go of 1863 Go)
N: Hard drive, Flash drive, Thumb drive (Free 389 Go of 1863 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4572EB3DDBD2DFA10DE7A037A6CC6D53] - (.Microsoft Corporation - Explorateur Windows.) (.30/10/2015 - 11:18:10.) -- C:\Windows\Explorer.exe [4502864]
[MD5.CAD491DD9EC00BB841EA407D9C498C4A] - (.Microsoft Corporation - Application de démarrage de Windows.) (.30/10/2015 - 11:17:53.) -- C:\Windows\System32\Wininit.exe [290856]
[MD5.AB4C1A9F37C0B8467AC923ED4AD727D6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/12/2015 - 12:47:17.) -- C:\Windows\System32\wininet.dll [2647552]
[MD5.46C8E60DEDBDA95C102D1B2E74676578] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.30/10/2015 - 11:17:53.) -- C:\Windows\System32\Winlogon.exe [584704]
[MD5.9EEAA1B69DC3FD620AE576CC8F4147DC] - (.Microsoft Corporation - Bibliothèque de licences.) (.30/10/2015 - 11:17:52.) -- C:\Windows\System32\sppcomapi.dll [430592]
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.12/12/2015 - 12:47:23.) -- C:\Windows\system32\Drivers\AFD.sys [578912]
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.30/10/2015 - 11:17:23.) -- C:\Windows\system32\Drivers\atapi.sys [28512]
[MD5.7F9C7226D743B232907ED2537B8A574F] - (.Microsoft Corporation - CD-ROM File System Driver.) (.30/10/2015 - 11:18:09.) -- C:\Windows\system32\Drivers\Cdfs.sys [92672]
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.30/10/2015 - 11:17:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [173568]
[MD5.C9478D7DB7BE5D7ACE65CB1167F07320] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.30/10/2015 - 11:17:58.) -- C:\Windows\system32\Drivers\DfsC.sys [148480]
[MD5.84BC034B6BB763733C1949B7B9BAF976] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.30/10/2015 - 11:17:18.) -- C:\Windows\system32\Drivers\HDAudBus.sys [79872]
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - (.Microsoft Corporation - Pilote de port i8042.) (.30/10/2015 - 11:17:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [114688]
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - (.Microsoft Corporation - IP Network Address Translator.) (.30/10/2015 - 11:17:43.) -- C:\Windows\system32\Drivers\IpNat.sys [143360]
[MD5.61F9F27A8C3D7BCD287FE98A440421CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/10/2015 - 11:17:58.) -- C:\Windows\system32\Drivers\MRxSmb.sys [430944]
[MD5.F51C02D992A8D6BC5EC4D990F227D4C7] - (.Microsoft Corporation - MBT Transport driver.) (.30/10/2015 - 11:18:08.) -- C:\Windows\system32\Drivers\netBT.sys [279552]
[MD5.EFEFC245B884B1BE0401931398DCD707] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/12/2015 - 12:47:23.) -- C:\Windows\system32\Drivers\ntfs.sys [2152800]
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - (.Microsoft Corporation - Pilote de port parallèle.) (.30/10/2015 - 11:17:23.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.381B8F2311A0375676B635EA5E7C8AB0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.30/10/2015 - 11:17:41.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [104960]
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/10/2015 - 23:02:52.) -- C:\Windows\system32\Drivers\rdpdr.sys [173056]
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - (.Microsoft Corporation - TDI Translation Driver.) (.12/12/2015 - 12:47:24.) -- C:\Windows\system32\Drivers\tdx.sys [118624]
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.30/10/2015 - 11:17:22.) -- C:\Windows\system32\Drivers\volsnap.sys [414560]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1415
~ Mes musiques (My Musics) : 3/1811
~ Mes Videos (My Videos) : 1/295
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/21244
~ Mon Bureau (My Desktop) : 1/46
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 01mn 09s



---\\ Processus lancés
[MD5.BABBBDEF9DBB5E012EE5210FCB47C33B] - (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [9832760] [PID.7564]
[MD5.A7BFC2C5D570EC93720DABC8B85ADEF9] - (...) -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe [144384] [PID.7316]
[MD5.463C40BFC0FB8FF59049E2CA78695A40] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872] [PID.10012]
[MD5.F1023087ACFE52D0D206F9E2E161C7A7] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.4172]
[MD5.D1C8B0DC04347B6B9B5B3B9204DF6756] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904] [PID.2952]
[MD5.C044E34992803F3748F4284871E124C0] - (.Pas de propriétaire - MeraGana Service.) -- C:\Program Files (x86)\MeraGana\MeraGanaService.exe [25600] [PID.6540]
[MD5.8A312D5764B4FC4C55CEDDEED4652CF1] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880] [PID.8304]
[MD5.C3907C84263959C2C31A41F72C6B06F6] - (.Pas de propriétaire - CPMonitor Application.) -- C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe [80368] [PID.10444]
[MD5.9B6AEA1992775510CB9014AD6860D146] - (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456] [PID.10352]
[MD5.CF5B864769B0EF13555A5ADD665DAA39] - (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe [509216] [PID.9144]
[MD5.793D7221E5EC69EA615349A13B702B8C] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528] [PID.10516]
[MD5.116DEB71DF3EADB8D82163EA565E1320] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe [657424] [PID.10736]
[MD5.F3546CB6B3994CF4D3668C6D096D34E7] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728] [PID.14932]
[MD5.20989BBD2114539B5C21948E94F6E11E] - (.Pas de propriétaire - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192] [PID.9944]
[MD5.E8DEC4C2DD3F88F49ECA9808189DD763] - (.Apowersoft - Streaming Video Recorder.) -- C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe [3694416] [PID.13492]
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.2684]
[MD5.F5CB8703A4F51EE30E5C090C78073AA4] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440] [PID.1756]
[MD5.21144F53F79975801AB9A9A027707A85] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109520] [PID.2332]
[MD5.CFD58DC283A0DE682B5247230D03B092] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) -- C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224] [PID.2756]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.2780]
[MD5.68BD23A0AD9E934F037A1D8A1929D1E2] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216] [PID.2788]
[MD5.A9E8091F1990D2E3FAC552AA3F51BE39] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\WINDOWS\SysWOW64\NLSSRV32.exe [71832] [PID.2812]
[MD5.590DE2C0FF4E367050239BD1DDC912C1] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568] [PID.2840]
[MD5.40C126CB15FAB7D6C66490DCA9C1AED2] - (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416] [PID.660]
[MD5.E605F35F03C881DC46902E0E2F5985B3] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) -- C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984] [PID.2744]
[MD5.2AA61246A5B813C1B12BCCFAA6F23DD8] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416] [PID.3076]
[MD5.72DD6225BA6055472522195F96473639] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504] [PID.3096]
[MD5.13297729C696656F990A5DBA53023129] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696] [PID.3140]
[MD5.A650FA927A4D1D71C53E317A0DDD6B7E] - (...) -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856] [PID.3172]
[MD5.AC36A47C010100B7EDFB2A70114D3E89] - (.RealNetworks, Inc. - RealPlayer Cloud Service.) -- c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848] [PID.3264]
[MD5.B64E1D5BABD095C13A382838F9DCC77F] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.6724]
[MD5.57739E742ABC085C2A4340D4404B4A8B] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544] [PID.7140]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.6312]
[MD5.B16F2A40E738277AB75515D4B024305E] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.6180]
[MD5.AB176B9E59C0435499D83047D84EDD59] - (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784] [PID.9040]
[MD5.7B7DE6B3DC30F3246958F42C67A6F7BB] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1102472] [PID.9400]
~ Processes Running: Scanned in 00mn 06s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\devje\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (24)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Video Downloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (...) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SimplePass] . (.Hewlett-Packard - HP SimplePass Application.) -- C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
O4 - HKLM\..\Run: [OPBHOBroker] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKLM\..\Run: [ACUW09FR] . (.ACD Systems - acdID InTouch2.) -- C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [emsisoft anti-malware] . (.Emsisoft Ltd - Emsisoft Real-Time Protection.) -- c:\program files\emsisoft anti-malware\a2guard.exe
O4 - HKCU\..\Run: [Avanquest message] . (.Avanquest Software - Avanquest Message.) -- C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKCU\..\Run: [ACDSeeCommanderUltimate9] . (...) -- C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\devje\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe =>.Sonic Solutions
O4 - HKLM\..\Wow6432Node\Run: [CPMonitor] . (.Pas de propriétaire - CPMonitor Application.) -- C:\Program Files (x86)\Roxio Creator 2009\5.0\CPMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [RealDownloader] . (.Pas de propriétaire - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [Dropbox] . (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
O4 - HKUS\.DEFAULT\..\Run: [EPSON PX720WD Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGYE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-18\..\Run: [EPSON PX720WD Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGYE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe
O4 - HKUS\S-1-5-21-3459455889-3125121319-4259865059-1002\..\Run: [Avanquest message] . (.Avanquest Software - Avanquest Message.) -- C:\Program Files (x86)\Avanquest\Avanquest message\AQNotif.exe
O4 - HKUS\S-1-5-21-3459455889-3125121319-4259865059-1002\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKUS\S-1-5-21-3459455889-3125121319-4259865059-1002\..\Run: [ACDSeeCommanderUltimate9] . (...) -- C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
O4 - HKUS\S-1-5-21-3459455889-3125121319-4259865059-1002\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKUS\S-1-5-21-3459455889-3125121319-4259865059-1002\..\RunOnce: [Uninstall C:\Users\devje\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b17fc96-e55d-4255-ab61-5b41e1f2f4ed}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{0a6b9a07-4074-4a9b-84d2-0a257b8e12d1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b17fc96-e55d-4255-ab61-5b41e1f2f4ed}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3b17fc96-e55d-4255-ab61-5b41e1f2f4ed}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{0a6b9a07-4074-4a9b-84d2-0a257b8e12d1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3b17fc96-e55d-4255-ab61-5b41e1f2f4ed}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Mise à jour Dropbox (dbupdate) (dbupdate) . (.Dropbox, Inc. - Dropbox Update.) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: NitroUpdateService (NitroUpdateService) . (...) - C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 44 Legitimates Filtered in 00mn 49s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [arp_flush] (...) -- C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [CreateChoiceProcessTask] (...) -- C:\Windows\BrowserChoice\browserchoice.exe (.not file.) [0]
[MD5.33BFEC2B102B196B62ABB9947C7D7E23] [APT] [DropboxUpdateTaskMachineCore] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048]
[MD5.33BFEC2B102B196B62ABB9947C7D7E23] [APT] [DropboxUpdateTaskMachineUA] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048]
[MD5.00000000000000000000000000000000] [APT] [{81B98D2E-23BC-494E-BE7E-941B1D51FD1B}] (...) -- C:\Program Files (x86)\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AEB0C848-3091-4D73-82F5-25B0CD6ACCB7}] (...) -- C:\NeroPortable\NeroInfoToolPortable.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job [1194]
O39 - APT: DropboxUpdateTaskMachineCore - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore [1194]
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job [1198]
O39 - APT: DropboxUpdateTaskMachineUA - (.Dropbox, Inc..) -- C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA [1198]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1086]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1090]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleFordevje [346]
~ Scheduled Task: 43 Legitimates Filtered in 00mn 10s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: oem52.inf (Eve) . (...) - C:\Windows\system32\DRIVERS\eve.sys
~ Drivers: 50 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: All Video Sound Extractor 1.0.2 - (.Zealotsoft,Inc..) [HKLM][64Bits] -- All Video Sound Extractor_is1
O42 - Logiciel: CDRIPMP3 - (...) [HKLM][64Bits] -- CDRIPMP3
O42 - Logiciel: DVD X Player 4.1 Professional - (...) [HKLM][64Bits] -- DVD X Player 4.1 Professional_is1
O42 - Logiciel: TotalDocConverter - (.Softplicity, Inc..) [HKLM][64Bits] -- Total Doc Converter_is1
O42 - Logiciel: Verbix 2008 - (.Verbix.) [HKLM][64Bits] -- Verbix2008_is1
O42 - Logiciel: WowApp - (.WowApp.) [HKCU][64Bits] -- WowApp
~ Logic: 37 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cocotron]
[HKCU\Software\MeraGana]
[HKCU\Software\SyncEngines]
[HKCU\Software\Verbix]
[HKLM\Software\Wow6432Node\KSW]
[HKLM\Software\Wow6432Node\MaxPower]
~ Key Software: 536 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/12/2014 - 17:33:05 - [] ----D C:\Program Files (x86)\All Video Sound Extractor
O43 - CFD: 21/12/2015 - 17:07:07 - [] ----D C:\Program Files (x86)\CDRIPMP3
O43 - CFD: 05/12/2015 - 15:31:16 - [] ----D C:\Program Files (x86)\MARLIVE
O43 - CFD: 17/11/2015 - 15:07:23 - [] ----D C:\Program Files (x86)\MeraGana
O43 - CFD: 12/12/2014 - 18:10:46 - [] ----D C:\Program Files (x86)\TotalDocConverter
O43 - CFD: 16/12/2014 - 14:31:10 - [] ----D C:\Program Files (x86)\Verbix2008
O43 - CFD: 16/12/2014 - 14:31:12 - [] ----D C:\Program Files (x86)\Common Files\verbix
O43 - CFD: 30/10/2015 - 11:24:24 - [0] ----D C:\ProgramData\Comms
O43 - CFD: 29/06/2015 - 11:14:40 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 12/12/2015 - 10:16:14 - [] ----D C:\ProgramData\USOPrivate
O43 - CFD: 12/12/2015 - 10:16:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Video Sound Extractor
O43 - CFD: 12/12/2015 - 10:16:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS Media
O43 - CFD: 12/12/2015 - 10:16:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD X Player 4.1 Professional
O43 - CFD: 12/12/2015 - 10:16:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeraGana
O43 - CFD: 12/12/2015 - 10:16:07 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 12/12/2015 - 10:16:08 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 12/12/2015 - 10:16:09 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 30/10/2015 - 23:03:03 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/12/2015 - 10:16:10 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Doc Converter
O43 - CFD: 12/12/2015 - 10:16:10 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbix 2008
O43 - CFD: 17/03/2015 - 17:44:56 - [] ----D C:\Users\devje\AppData\Roaming\CocotronLibrary
O43 - CFD: 16/12/2014 - 14:32:24 - [] ----D C:\Users\devje\AppData\Roaming\verbix2008
O43 - CFD: 01/12/2015 - 09:24:17 - [] ----D C:\Users\devje\AppData\Roaming\WowApp
O43 - CFD: 12/12/2015 - 11:04:49 - [0] ----D C:\Users\devje\AppData\Local\ActiveSync
O43 - CFD: 13/08/2015 - 23:09:32 - [] ----D C:\Users\devje\AppData\Local\Comms
O43 - CFD: 29/07/2015 - 15:15:12 - [0] -SH-D C:\Users\devje\AppData\Local\EmieBrowserModeList
O43 - CFD: 11/08/2015 - 12:43:56 - [0] ----D C:\Users\devje\AppData\Local\FotoCanvas
O43 - CFD: 01/06/2015 - 16:08:33 - [] ----D C:\Users\devje\AppData\Local\GWX
O43 - CFD: 10/08/2015 - 12:09:06 - [0] ----D C:\Users\devje\AppData\Local\NetworkTiles
O43 - CFD: 09/02/2015 - 12:04:43 - [] ----D C:\Users\devje\AppData\Local\Photo Explosion
O43 - CFD: 01/12/2015 - 09:13:07 - [] ----D C:\Users\devje\AppData\Local\WowApp
O43 - CFD: 21/12/2015 - 17:07:05 - [] ----D C:\Users\devje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDRIPMP3
O43 - CFD: 12/12/2015 - 10:12:19 - [] ----D C:\Users\devje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WowApp
~ Program Folder: 421 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0B83128B1D3DA99914F3F8BC0D594241] - 12/12/2015 - 09:58:35 ---A- . (...) -- C:\Windows\System32\NetSetupMig.log [43770]
O44 - LFC:[MD5.1373F6562D5E4C715D5D3583E350093E] - 12/12/2015 - 10:04:00 ---A- . (...) -- C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [200]
O44 - LFC:[MD5.2893C0C2283BF82487C818C9EAD10F47] - 12/12/2015 - 10:04:28 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [5231082]
O44 - LFC:[MD5.9B773E17F57FF0D634DBA06CF299FEDE] - 12/12/2015 - 10:23:58 ---A- . (...) -- C:\Windows\System32\DREAMWORKS.XML [42508]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 12/12/2015 - 10:23:58 ---A- . (...) -- C:\Windows\System32\bltinmic.ico [3774]
O44 - LFC:[MD5.E3F76DF0119A00413579025C0CB319B6] - 12/12/2015 - 10:23:58 ---A- . (...) -- C:\Windows\System32\hpbeats.ico [69462]
O44 - LFC:[MD5.937CF6954D64AF5811EC1BE4ECBF60E8] - 12/12/2015 - 10:23:58 ---A- . (...) -- C:\Windows\System32\nbspkrsbeats.ico [13942]
O44 - LFC:[MD5.AE92792B1164906F2A2E9574B34EF2B6] - 12/12/2015 - 10:40:48 ---A- . (...) -- C:\Windows\System32\emptyregdb.dat [23208]
O44 - LFC:[MD5.F955ACDA319098480A9387D86E179232] - 12/12/2015 - 10:49:59 ---A- . (...) -- C:\Windows\diagerr.xml [19053]
O44 - LFC:[MD5.F955ACDA319098480A9387D86E179232] - 12/12/2015 - 10:49:59 ---A- . (...) -- C:\Windows\diagwrn.xml [19053]
O44 - LFC:[MD5.294BD6D65CE93F7B709DBB38F96759DA] - 12/12/2015 - 12:47:12 ---A- . (...) -- C:\Windows\System32\CoreUIComponents.dll [2653816]
O44 - LFC:[MD5.F98AD5D07A39430EFE8B22B7997A2809] - 20/12/2015 - 15:39:06 ---A- . (...) -- C:\Windows\NAVIGMA.INI [127]
O44 - LFC:[MD5.5C5A797761421CF9B72087F3BC8A5259] - 25/12/2015 - 09:48:19 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [180]
O44 - LFC:[MD5.87CC9EDCBBBC57ACB62F7C344BCF9057] - 25/12/2015 - 15:26:02 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [36608]
~ Files: 298 Legitimates Filtered in 01mn 59s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Denial of service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "DSCAutomationHostEnabled"=2
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
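Of the three values listed above, "PromptOnSecureDesktop"=0 is the one a reviewer should act on: with it cleared, UAC elevation prompts are drawn on the user's interactive desktop instead of the isolated secure desktop, so any process already running as the user can overlay, spoof or automate the consent dialog. "EnableUIADesktopToggle"=0 is the default and is not a finding, and DSCAutomationHostEnabled is unrelated to UAC. The following is an added example (Python, not part of ZHPDiag) that parses O55 lines and compares them with a baseline; the baseline dictionary is this example's assumption of the Microsoft defaults for a UAC-enabled Windows 10 system, and the input lines are the three reported above.

```python
"""Compare ZHPDiag O55 (HKLM\\...\\Policies\\System) lines with UAC defaults.

Added example, not ZHPDiag code. The input lines are copied from the report;
BASELINE is this example's assumption of the Windows 10 default values.
"""
import re

# Constructed input: the three O55 lines from this report.
O55_LINES = [
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "DSCAutomationHostEnabled"=2',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "EnableUIADesktopToggle"=0',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "PromptOnSecureDesktop"=0',
]

# Assumed defaults for the UAC-relevant values under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# on Windows 10 with UAC left at its default level.
BASELINE = {
    "EnableLUA": 1,                   # UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # consent prompt for non-Windows binaries
    "PromptOnSecureDesktop": 1,       # elevation prompts on the secure desktop
    "EnableUIADesktopToggle": 0,      # UIAccess apps cannot disable the secure desktop
}

_O55 = re.compile(
    r'^O55 - MWPS:\[(?P<hive>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>-?\d+)\s*$'
)


def parse_o55(line):
    """Return (hive, value name, int value) for an O55 line, else None."""
    m = _O55.match(line)
    if not m:
        return None
    return m.group("hive"), m.group("name"), int(m.group("value"))


def evaluate(lines, baseline=BASELINE):
    """Return [(name, observed, expected)] for values that differ from the baseline.

    Only values present in both the report and the baseline are compared.
    ZHPDiag filters whitelisted values out of the listing, so a value that is
    absent from the report must not be assumed to be at its default.
    """
    findings = []
    for line in lines:
        parsed = parse_o55(line)
        if parsed is None:
            continue
        _hive, name, value = parsed
        if name in baseline and value != baseline[name]:
            findings.append((name, value, baseline[name]))
    return findings


if __name__ == "__main__":
    for name, observed, expected in evaluate(O55_LINES):
        print(f"{name}: observed {observed}, expected {expected}")
```

Run against the three lines above this reports only PromptOnSecureDesktop (observed 0, expected 1). Restoring the value to 1 (or setting the "Switch to the secure desktop when prompting for elevation" policy) closes the gap; the report itself does not say what cleared it.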



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:02/06/2013 - 07:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31920]
O58 - SDL:11/12/2014 - 14:23:16 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:30/10/2015 - 11:17:22 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn.sys [9728]
O58 - SDL:30/10/2015 - 11:17:22 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [9728]
O58 - SDL:21/01/2015 - 18:22:26 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:04/09/2013 - 13:57:42 ---A- . (.ThreatTrack Security - GFI Utility driver.) -- C:\Windows\System32\Drivers\gfiutil.sys [31264]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\Windows\System32\Drivers\ibbus.sys [424800]
O58 - SDL:08/08/2013 - 20:06:40 ---A- . (.No owner - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [21408]
O58 - SDL:08/08/2013 - 20:06:40 ---A- . (.No owner - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [21920]
O58 - SDL:03/02/2014 - 11:46:42 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD.sys [44744]
O58 - SDL:07/08/2013 - 20:01:32 ---A- . (.No owner - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46568]
O58 - SDL:02/08/2012 - 11:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3i.sys [99168]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [59744]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Mellanox - MLX4 Bus Driver.) -- C:\Windows\System32\Drivers\mlx4_bus.sys [705376]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\Windows\System32\Drivers\ndfltr.sys [76128]
O58 - SDL:18/04/2014 - 08:31:50 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\percsas3i.sys [58720]
O58 - SDL:01/12/2010 - 08:52:58 ---A- . (...) -- C:\Windows\System32\Drivers\rp24msdrv.sys [28416]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:05/12/2013 - 01:32:36 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:25/12/2015 - 15:26:02 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [36608]
O58 - SDL:15/08/2014 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Mellanox - Kernel WinMad.) -- C:\Windows\System32\Drivers\winmad.sys [26976]
O58 - SDL:30/10/2015 - 11:17:23 ---A- . (.Mellanox - Kernel WinVerbs.) -- C:\Windows\System32\Drivers\winverbs.sys [59232]
O58 - SDL:11/08/2015 - 11:28:21 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\SysWOW64\drivers\pfc.sys [9856]
O58 - SDL:20/03/2002 - 22:01:06 ---A- . (...) -- C:\Windows\SysWOW64\Digita.sys [6688]
O58 - SDL:10/01/2015 - 09:05:16 ---A- . (...) -- C:\Windows\SysWOW64\SystemInfo32.sys [14]
~ Drivers: 106 Legitimates Filtered in 00mn 08s
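In the O44 and O58 listings above, "(...)" means ZHPDiag found no company name or description in the file's version information, and the O44 MD5 is there for lookup against a hash database (MD5 is fine for that purpose, not as proof of integrity). The entries a reviewer pulls first are the ones that combine several such signals: GUID-named .bat scripts dropped into System32, a driver image with no version information, and a 14-byte .sys that cannot be a loadable PE at all. The following is an added example (Python, not part of ZHPDiag) that parses both line formats, merges O44 and O58 records for the same path, and returns the triage reasons per file. The sample lines are copied from the sections above; the flag names, the GUID-script pattern and the 1024-byte minimum driver size are this example's own assumptions.

```python
"""Triage of ZHPDiag O44 (recent files) and O58 (driver) lines.

Added example, not ZHPDiag code. The sample lines are copied from the report
above; the thresholds and flag names are this example's own choices.
"""
import re

# Constructed input: lines copied from the O44 and O58 sections of this report.
SAMPLE_LINES = [
    "O44 - LFC:[MD5.1373F6562D5E4C715D5D3583E350093E] - 12/12/2015 - 10:04:00 ---A- . (...) -- C:\\Windows\\System32\\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [200]",
    "O44 - LFC:[MD5.87CC9EDCBBBC57ACB62F7C344BCF9057] - 25/12/2015 - 15:26:02 ---A- . (...) -- C:\\Windows\\System32\\Drivers\\TrueSight.sys [36608]",
    "O58 - SDL:02/06/2013 - 07:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\\Windows\\System32\\Drivers\\Apowersoft_AudioDevice.sys [31920]",
    "O58 - SDL:21/01/2015 - 18:22:26 ---A- . (...) -- C:\\Windows\\System32\\Drivers\\eve.sys [41304]",
    "O58 - SDL:25/12/2015 - 15:26:02 ---A- . (...) -- C:\\Windows\\System32\\Drivers\\TrueSight.sys [36608]",
    "O58 - SDL:10/01/2015 - 09:05:16 ---A- . (...) -- C:\\Windows\\SysWOW64\\SystemInfo32.sys [14]",
]

# O44: "O44 - LFC:[MD5.<hex>] - DD/MM/YYYY - HH:MM:SS <attrs> . (<owner>) -- <path> [<size>]"
# O58: "O58 - SDL:DD/MM/YYYY - HH:MM:SS <attrs> . (<owner>) -- <path> [<size>]"
_ENTRY = re.compile(
    r"^(?P<kind>O44|O58) - (?:LFC:\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - |SDL:)"
    r"(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) (?P<attrs>\S+) \. "
    r"\((?P<owner>.*?)\) -- (?P<path>.+?) \[(?P<size>\d+)\]\s*$"
)
# Assumption: a script whose file name is a bare GUID is not something an installer
# normally leaves in System32.
_GUID_SCRIPT = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\.(bat|cmd|vbs|ps1)$", re.IGNORECASE)
# Assumption: with 512-byte file alignment a PE needs headers plus one section,
# so anything under 1024 bytes cannot be a loadable driver image.
MIN_DRIVER_SIZE = 1024


def parse_entry(line):
    """Parse one O44/O58 line into a dict, or return None for any other line."""
    m = _ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    # "(...)" is ZHPDiag's marker for missing version information.
    entry["owner"] = None if entry["owner"] == "..." else entry["owner"].strip(". ")
    return entry


def flag(entry):
    """Return the set of triage reasons for one parsed entry (empty if none)."""
    reasons = set()
    if entry["owner"] is None:
        reasons.add("no_publisher")
    if _GUID_SCRIPT.search(entry["path"]):
        reasons.add("guid_named_script")
    if entry["kind"] == "O58" and entry["size"] < MIN_DRIVER_SIZE:
        reasons.add("implausibly_small_driver")
    return reasons


def triage(lines):
    """Merge flagged O44/O58 entries by path.

    Returns {lower-cased path: {"path", "md5", "reasons"}}. The MD5 comes from
    the O44 line when one exists; O58 lines carry no hash.
    """
    out = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = flag(entry)
        if not reasons:
            continue
        rec = out.setdefault(entry["path"].lower(),
                             {"path": entry["path"], "md5": None, "reasons": set()})
        rec["reasons"] |= reasons
        if entry["md5"]:
            rec["md5"] = entry["md5"].upper()
    return out


if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES).values():
        print(rec["path"], rec["md5"], sorted(rec["reasons"]))
```

On the six sample lines this returns four files: the GUID-named .bat (no publisher, GUID script), TrueSight.sys (no publisher, with the O44 hash attached), eve.sys (no publisher) and SystemInfo32.sys (no publisher, 14 bytes). The Wondershare driver carries publisher information and is not listed. The output is a work list, not a verdict: the report does not identify what any of these files are, and each still needs a hash lookup or a look at the file itself.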



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {B6916A40-E38F-4396-9A46-61B424A4F9D1} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
~ Keys: Scanned in 00mn 00s



---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{DB95DA02-0188-45D4-902B-269A32B4B8E7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\devje\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{EE718EEB-F32A-484E-8DAD-81D7320070C0}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\devje\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{11C492C5-F1DF-4295-91AA-BAE282927EA2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\devje\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9AEB8A43-4444-44A0-BBFF-896D298FD593}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\devje\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 08s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/12/2015 269504 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/12/2012 67584 | (cbVSCService11) . (.CobianSoft, Luis Cobian.) - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
SS - | Demand 04/09/2015 282216 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 24/08/2015 136048 | (dbupdate) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
SS - | Demand 24/08/2015 136048 | (dbupdatem) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
SS - | Auto 28/08/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2015 144200 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 09/07/2015 268192 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 14/08/2008 313840 | (Roxio UPnP Renderer 11) . (.Sonic Solutions.) - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
SS - | Auto 14/08/2008 367088 | (Roxio Upnp Server 11) . (.Sonic Solutions.) - C:\Program Files (x86)\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
SS - | Auto 14/08/2008 309744 | (RoxLiveShare11) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
SS - | Demand 14/08/2008 1124848 | (RoxMediaDB11) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
SS - | Auto 14/08/2008 170480 | (RoxWatch11) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
SS - | Auto 09/07/2015 327296 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/11/2015 10768560 | (a2AntiMalware) . (.Emsisoft Ltd.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 21/12/2015 226440 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/12/2015 109520 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe
SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe
SR - | Auto 09/07/2015 640928 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 27/08/2015 1155192 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Demand 28/04/2015 1102472 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 11/07/2015 54448 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 28/09/2015 25800 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
SR - | Auto 03/09/2015 606224 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
SR - | Auto 30/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 09/06/2015 150256 | (ibtsiva) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
SR - | Auto 04/09/2015 350312 | (igfxCUIService2.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 09/08/2013 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 30/08/2013 157128 | (Intel(R) Wireless Bluetooth(R) 4.0 Radio Management) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
SR - | Auto 09/08/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 09/08/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 05/10/2015 1513784 | (MBAMScheduler) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 05/10/2015 1135416 | (MBAMService) . (.Malwarebytes.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 22/09/2014 703984 | (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 21/03/2011 341312 | (NitroDriverReadSpool) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
SR - | Auto 31/07/2015 326296 | (NitroDriverReadSpool10) . (.Nitro PDF Software.) - C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
SR - | Auto 31/07/2015 417944 | (NitroUpdateService) . (...) - C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
SR - | Auto 31/07/2015 71832 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\WINDOWS\SysWOW64\NLSSRV32.exe
SR - | Auto 27/08/2015 1872504 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 27/08/2015 5544568 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
SR - | Auto 14/09/2015 937776 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 27/10/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 16/12/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 30/10/2014 31856 | (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Auto 09/07/2015 157088 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 11/09/2015 5702416 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 21/08/2015 61968 | (valWBFPolicyService) . (.Synaptics Incorporated.) - C:\Windows\System32\valWBFPolicyService.exe
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 30/10/2015 43944 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/07/2015 3831712 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 23s



---\\ Additional Scan (O88)
Database Version : 13008 - (05/05/2015)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 0

~ Additional Scan: 431112 Items scanned in 02mn 20s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 1445 Legitimates filtered by white list
End of the scan (575 lines in 08mn 23s)(0.10)
