~ Rapport de ZHPDiag v2014.12.13.173 - Nicolas Coolman (13/12/2014) ~ Lancé par soufiane (16/12/2014 08:51:06) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Adresse du Forum http://forum.nicolascoolman.fr ~ Traduit par Nicolas Coolman ~ Etat de la version : Nouvelle version disponible ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Activate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v11.0.9600.17498 MFIE: Mozilla Firefox 34.0.5 GCIE: Google Chrome v39.0.2171.71 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8.1 Pro, 64-bit (Build 9600) Windows Server License Manager Script : OK ~ Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : T6MD2 Windows License : OK ~ Windows Remaining Initializations Number : 1000 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système Malwarebytes Anti-Malware version 2.0.4.1028 Windows Defender W8 (Deactivate) ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 8097 MB (54% free) System Restore: Activé (Enable) System drive C: has 43 GB (43%) free of 98 GB ---\\ Mode de connexion au système ~ Computer Name: SOUF ~ User Name: soufiane ~ All Users Names: soufiane, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\soufiane\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\soufiane\AppData\Roaming\ ~ %Desktop% : C:\Users\soufiane\Desktop\ ~ %Favorites% : C:\Users\soufiane\Favorites\ ~ %LocalAppData% : C:\Users\soufiane\AppData\Local\ ~ %StartMenu% : C:\Users\soufiane\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 98 Go) D: Hard drive, Flash drive, Thumb drive (Free 132 Go of 360 Go) X: Hard drive, Flash drive, Thumb drive (Free 0 Go of 1 Go) Y: Hard drive, Flash drive, Thumb drive (Free 1 Go of 7 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 41 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.ACDBE1ED38167C8B01B8F63161BB2CEA] - (.Microsoft Corporation - Explorateur Windows.) (.23/08/2014 - 07:48:28.) -- C:\Windows\Explorer.exe [2374784] [MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 09:58:29.) -- C:\Windows\System32\Wininit.exe [144384] [MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/11/2014 - 01:28:21.) -- C:\Windows\System32\wininet.dll [2358272] [MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.18/03/2014 - 10:14:17.) -- C:\Windows\System32\Winlogon.exe [562176] [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 10:14:17.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 03:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 12:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 11:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 08:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/07/2014 - 17:55:12.) -- C:\Windows\system32\Drivers\DfsC.sys [134144] [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 11:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 11:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 10:14:21.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.30/04/2014 - 06:41:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 11:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/07/2014 - 15:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 11:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 11:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 09:41:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 02:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/3 ~ Mes musiques (My Musics) : 1/9 ~ Mes Videos (My Videos) : 1/3 ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 1/23 ~ Mon Bureau (My Desktop) : 1/996 ~ Menu demarrer (Programs) : 1/41 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.3400] [MD5.F95CD920750D67AA904F5FEA406835B7] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520] [PID.5564] [MD5.24ECFD962F8226400282A009A32E8D92] - (.Pas de propriétaire - Viber.) -- C:\Users\soufiane\AppData\Local\Viber\Viber.exe [936656] [PID.4584] [MD5.AB0C872B1FFE283D20C91C8E575E2F67] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\soufiane\AppData\Roaming\Dropbox\bin\Dropbox.exe [35419192] [PID.5328] [MD5.87261B9C4D3474ADE8ABE907781EEBBB] - (.Mindjet - MindManager Topic Alerts.) -- C:\Program Files (x86)\Mindjet\MindManager 11\MmReminderService.exe [42312] [PID.1844] [MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.6672] [MD5.0502F5FB0731B5AFC694F3EB683DFE97] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478752] [PID.7056] [MD5.0EF0822810009D58118CCDFD098FA9F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480] [PID.6700] [MD5.F93E4DC33900B8F2A82BD22FFAF21C96] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5048] [MD5.2991C495CF25B9AD4E05002222A1E3B0] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe [493072] [PID.5596] [MD5.C15C29EA66E0695D6E053B8AC751A949] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4163552] [PID.7632] [MD5.3CFB25DB09EB90FD2BD4C89D75611E6D] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904] [PID.8288] [MD5.BCEB6836486FB978F25A8D6FF30B3619] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8140288] [PID.4500] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\soufiane\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Slides v.0.8 (Activé) G2 - GCE: Preference [User Data\Default] [alelhddbbhepgpmgidjdcjakblofbmce] Superbe capture d'écran : capturer et annoter v.3.7.20, (Activé) G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5023, (Désactivé) G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast v.14.1113.0.3, (Activé) G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.2.0 (Activé) G2 - GCE: Preference [User Data\Default] [dpaegjhcljgkgogdfgdnacblbneimcol] Contacts Sort v.2.1.0, (Activé) G2 - GCE: Preference [User Data\Default] [fdcgdnkidjaadafnichfpabhfomcebme] ZenMate v.3.8, (Activé) G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Sheets v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [gppongmhjkpfnbhagpmjfkannfbllamg] Wappalyzer v.2.35, (Activé) G2 - GCE: Preference [User Data\Default] [jccocffecajimkdjgfpjhlpiimcnadhb] Panel View for Keep v.2.1, (Activé) G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.8.64 (Activé) G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé) ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 43 Legitimates Filtered in 00mn 04s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\soufiane\AppData\Roaming\Mozilla\Firefox\Profiles\tjrliwp3.default\prefs.js ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (22) ~ Hosts File: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\QuickLaunch [soufiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\soufiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 1 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [WavesSvc] . (.Waves Audio Ltd. - Waves MaxxAudio Service Application.) -- C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe O4 - HKLM\..\Run: [RtHDVBg_PushButton] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [IntelPROSet] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [ACPW08EN] . (.ACD Systems - acdID InTouch2.) -- C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_33CF14D5128E62F639C91DC909186F91] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKCU\..\Run: [ACDSeeCommanderPro8] . (...) -- C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe O4 - HKCU\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\soufiane\AppData\Local\Viber\Viber.exe O4 - HKCU\..\Run: [microsoft] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKCU\..\Run: [AirDroid 3] . (.Sand Studio - AirDroid 3.) -- C:\Program Files (x86)\AirDroid\AirDroid.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [MMReminderService] . (.Mindjet - MindManager Topic Alerts.) -- C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [microsoft] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [GoogleChromeAutoLaunch_33CF14D5128E62F639C91DC909186F91] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [ACDSeeCommanderPro8] . (...) -- C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\soufiane\AppData\Local\Viber\Viber.exe O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [microsoft] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKUS\S-1-5-21-2772296983-1439077872-403135500-1001\..\Run: [AirDroid 3] . (.Sand Studio - AirDroid 3.) -- C:\Program Files (x86)\AirDroid\AirDroid.exe ~ Application: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA934BC-2F4B-4CC8-AA6A-A92D2F5081DD}: DhcpNameServer = 10.192.0.2 10.192.0.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{7695DED2-F78E-460F-92EE-D340A684B358}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{99AB2534-C2CF-4E27-BE34-B3ED69FBF10C}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{DA31192B-A715-4E17-85DF-29499313D70E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{2FA934BC-2F4B-4CC8-AA6A-A92D2F5081DD}: DhcpDomain = MCC.DOMAIN O17 - HKLM\System\CS1\Services\Tcpip\..\{2FA934BC-2F4B-4CC8-AA6A-A92D2F5081DD}: DhcpNameServer = 10.192.0.2 10.192.0.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{7695DED2-F78E-460F-92EE-D340A684B358}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{99AB2534-C2CF-4E27-BE34-B3ED69FBF10C}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CS1\Services\Tcpip\..\{DA31192B-A715-4E17-85DF-29499313D70E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{2FA934BC-2F4B-4CC8-AA6A-A92D2F5081DD}: DhcpDomain = MCC.DOMAIN O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Dell.PowerManager.Service (Dell.PowerManager.Service) . (. - .) - C:\Windows\system32\dllhost.exe /Processid:{A7D7D2B5-48C3-46E1-8811-E089C12CB35E} ~ Services: 25 Legitimates Filtered in 00mn 05s ---\\ Tâches planifiées en automatique (O39) [MD5.3F0EC9683BC7C2409C419FD0EEBA525C] [APT] [Dell Product Registration] (.Aviata Inc.) -- C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248] [MD5.3F0EC9683BC7C2409C419FD0EEBA525C] [APT] [Dell Product Registration Update] (.Aviata Inc.) -- C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157248] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1082] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1086] ~ Scheduled Task: 8 Legitimates Filtered in 00mn 01s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (MpKsl9a06bb17) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF16DBE7-4400-4BA3-AD9E-2018A9B9DA43}\MpKsl9a06bb17.sys (.not file.) ~ Drivers: 40 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: AirDroid 3.0.1 - (.Sand Studio.) [HKLM][64Bits] -- AirDroid O42 - Logiciel: Axure RP Pro 7.0 - (.Axure Software Solutions, Inc..) [HKLM][64Bits] -- Axure RP Pro 7.0 O42 - Logiciel: Axure RP Pro 7.0 - (.Axure Software Solutions, Inc..) [HKLM][64Bits] -- {030F3DD4-D90D-40FD-946A-D775C2DD8A98} ~ Logic: 25 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Axure RP 4] [HKLM\Software\Wow6432Node\Aviata] ~ Key Software: 265 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 11/12/2014 - 17:09:36 - [] ----D C:\Program Files (x86)\AirDroid O43 - CFD: 17/10/2014 - 18:03:51 - [] ----D C:\Program Files (x86)\Axure O43 - CFD: 21/07/2014 - 18:10:36 - [] ----D C:\ProgramData\Aviata O43 - CFD: 17/10/2014 - 18:04:28 - [] ----D C:\ProgramData\Axure O43 - CFD: 28/11/2014 - 23:10:08 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 O43 - CFD: 17/10/2014 - 18:03:57 - [] --H-D C:\ProgramData\{92A21CA8-7484-498F-9071-498F4669CF9F} O43 - CFD: 11/12/2014 - 17:05:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid O43 - CFD: 17/10/2014 - 18:03:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure O43 - CFD: 18/03/2014 - 09:41:55 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 28/10/2014 - 14:31:34 - [] ----D C:\Users\soufiane\AppData\Roaming\AdbDriverInstaller O43 - CFD: 17/10/2014 - 18:04:22 - [] ----D C:\Users\soufiane\AppData\Roaming\Axure O43 - CFD: 16/10/2014 - 11:41:10 - [] ----D C:\Users\soufiane\AppData\Local\Aviata O43 - CFD: 15/12/2014 - 09:13:39 - [] ----D C:\Users\soufiane\AppData\Local\Axure O43 - CFD: 11/12/2014 - 16:45:01 - [] -SH-D C:\Users\soufiane\AppData\Local\EmieBrowserModeList O43 - CFD: 17/10/2014 - 18:05:58 - [] ----D C:\Users\soufiane\AppData\Local\{4BEA4A60-63F1-4492-9FBC-285674848BDD} ~ Program Folder: 205 Legitimates Filtered in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 3 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:12/08/2013 - 23:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800] O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080] O58 - SDL:13/07/2012 - 14:31:18 ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys [22168] O58 - SDL:22/08/2013 - 12:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] O58 - SDL:05/08/2013 - 06:24:36 ---A- . (.STMicroelectronics - STM Accelerometer Device Driver.) -- C:\Windows\System32\Drivers\ST_Accel.sys [93432] O58 - SDL:28/07/2014 - 14:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] ~ Drivers: 62 Legitimates Filtered in 00mn 01s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.9E7E31AB085B63666C2F96CED1F350AD] [SPRF][16/12/2014] (.Pas de propriétaire - ZHPCleaner.) -- C:\Users\soufiane\Desktop\ZHPCleaner.exe [1414656] ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE} O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B} O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C} O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} ~ MNS: 6 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 31/01/2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 10/04/2014 202248 | (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe SS - | Demand 01/04/2014 293440 | (DellProdRegManager) . (.Aviata, Inc..) - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe SS - | Auto 16/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 16/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 11/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 17/01/2014 284912 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe SS - | Auto 11/02/2007 65536 | (O2FLASH) . (.O2Micro International.) - C:\Windows\System32\drivers\o2flash.exe SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 07/10/2014 60744 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 03/02/2014 1198456 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe SR - | Auto 13/01/2014 1161592 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 01/10/2014 1349576 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe SR - | Auto 17/01/2014 632048 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SR - | Auto 30/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 04/04/2014 120016 | (iBtSiva) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 07/03/2014 259848 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe SR - | Demand 15/10/2014 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 13/11/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 13/11/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 21/11/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe SR - | Auto 21/11/2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe SR - | Auto 17/01/2014 154864 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 19/06/2013 246488 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Auto 04/04/2014 1915920 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe SR - | Auto 12/09/2014 4799760 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 17/01/2014 3816176 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ~ Services: Scanned in 00mn 07s ---\\ Scan Additionnel (O88) Database Version : 13026 - (13/12/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel Scan: 327660 Items scanned in 00mn 25s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ AMI: 3 Legitimates Filtered in 00mn 00s ~ 713 Legitimates filtered by white list End of the scan (453 lines in 00mn 59s)(0)