~ Rapport de ZHPDiag v2014.11.19.165 - Nicolas Coolman (19/11/2014)
~ Lancé par Veronique (20/11/2014 10:01:21)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17420
GCIE: Google Chrome v39.0.2171.65 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : FJQKD
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avast Free Antivirus v10.0.2206
Computer Security 12.83.104.0
Pack Sécurité v1.83.311.0
Pack Sécurité v1.83.311.0
Malwarebytes Anti-Malware version 2.0.3.1025
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.19

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3962 MB (25% free)
System Restore: Activé (Enable)
System drive C: has 757 GB (85%) free of 886 GB

---\\ Mode de connexion au système
~ Computer Name: VERONIQUE-PC
~ User Name: Veronique
~ All Users Names: Veronique, Jean Louis, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Veronique\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Veronique\AppData\Roaming\
~ %Desktop% : C:\Users\Veronique\Desktop\
~ %Favorites% : C:\Users\Veronique\Favorites\
~ %LocalAppData% : C:\Users\Veronique\AppData\Local\
~ %StartMenu% : C:\Users\Veronique\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 757 Go of 886 Go)
D: Hard drive, Flash drive, Thumb drive (Free 22 Go of 25 Go)
F: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.10/10/2011 - 08:52:17.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/11/2014 - 03:17:24.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) 
-- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/10/2011 - 08:53:18.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 03s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 3/33 ~ Mes musiques (My Musics) : 28/375 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/638 ~ Mes Documents (My Documents) : 2/237 ~ Mon Bureau (My Desktop) : 1/36 ~ Menu demarrer (Programs) : 1/52 ~ Hidden Files: Scanned in 00mn 03s ---\\ Processus lancés [MD5.C71BE40B3FCB89117050573E52514AD9] - (.Orange - ma Livebox.) -- C:\Program Files (x86)\Orange\ma Livebox\maLivebox.exe [149728] [PID.2208] [MD5.C56AEF21A76A6E2BB36A384B2C96389F] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4680] [MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.4800] [MD5.B8B1A3F5EFA0DBE88EAB41A7110B9A31] - (.NewSoft Technology Corporation - NsWrtMon Microsoft Base Class Application.) -- C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [26448] [PID.5056] [MD5.15664BEE10AB58C7C835C3DD167CD78E] - (.NewSoft Technology Corporation - Pmsb MFC Application.) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe [214360] [PID.2676] [MD5.0EC83E2DA29365048CBEB9A9A963BDFA] - (.Microsoft Corporation - Microsoft OneDrive.) 
-- C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672] [PID.4672] [MD5.197A4DEE4D4043065EF8F2E9A749F916] - (.NewSoft Technology Corporation - NsWrtProc Microsoft Base Clase Application.) -- C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe [54616] [PID.2672] [MD5.35057D04D649685D5E4AF0D4DD277ADE] - (.DVDVideoSoft Ltd. - Free Video Call Recorder for Skype.) -- C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [914088] [PID.4912] [MD5.607455F564017D25F61436D64D3CFE2A] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056] [PID.3712] [MD5.E07AD3AA0A179D0CD171760BB7C3C71F] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088] [PID.4120] [MD5.2786C13FB0AAB2C424DAD813F8D4342B] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Veronique\AppData\Roaming\Dropbox\bin\Dropbox.exe [36424128] [PID.5580] [MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.6068] [MD5.7D6C13D5D2A120BFD0776CB3AB2C6B8F] - (.Pas de propriétaire - LockKey.) -- C:\Program Files (x86)\LockKey\LockKey.exe [337776] [PID.836] [MD5.766AE515B1749F2141E418CC6C08515B] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3532] [MD5.4F59C918782D978EF68E1FE35E5F38EF] - (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Common\FSM32.exe [310208] [PID.2484] [MD5.3A5D0E1BF0D7B954FD3A8BE474FCAABA] - (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera2\VM332_STI.exe [548864] [PID.1668] [MD5.F194AB6537FAD3AA38993694F187B6F9] - (.NewSoft Technology Corporation - PMSpeed MFC Application.) -- C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.03\PMSpeed.exe [116632] [PID.3040] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.3376] [MD5.FBDC0E172AA0D341FF0084A3DBFD00F5] - (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952] [PID.1280] [MD5.635DFB2E71D6359E07977E74703ED47E] - (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400] [PID.2060] [MD5.46D3D19A4745B67DCA6692AFAB0E136D] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912] [PID.5180] [MD5.A876BA917EBD9E629CFD344EEBE240AD] - (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\SFR\Pack Sécurité\fshoster32.exe [191424] [PID.1616] [MD5.14D6542607ACD4B2D1DDB1A36E0D8813] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744] [PID.1144] [MD5.C2D60F6277707014C1C670A4D27F36E8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5223016] [PID.3240] [MD5.A80ACEB51CAF68EFEF0424BF9C2A2523] - (.Broadcom Corporation. - Bluetooth Headset Helper.) -- C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe [150304] [PID.6876] [MD5.734021DF84D1DA30995EA07A16847B0A] - (.Orange - ma Livebox.) -- C:\Program Files (x86)\Orange\ma Livebox\dist\ST2.exe [17678048] [PID.2464] [MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.8508] [MD5.15ABBA57923260D4B09A5D5E5754D8B0] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904] [PID.8744] [MD5.8180FF8E683B8A997746143F6286B668] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8129536] [PID.4636] [MD5.5CE4F1E7D1BF789919DC7F2E7603C638] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1380] [MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.2024] [MD5.6ADDB884025A0D1BCC3AD66E9FC57EFF] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe [1970544] [PID.1460] [MD5.45303CDBC1FD8F8D371E726BF126F771] - (.F-Secure Corporation - F-Secure ORSP Service.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\CCF_Reputation\fsorsp.exe [60352] [PID.2348] [MD5.3762A2CACCCADCDAD5B0808160ED7844] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Anti-Virus\FSGK32.exe [687656] [PID.2456] [MD5.09CA717536671E0896E07D239EE6740F] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2628] [MD5.D6310F79E51D1F997E964E81DD368AEA] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2696] [MD5.F014EC4D8DAF812A5ECB5F667AD6E59C] - (.F-Secure Corporation - F-Secure Management Agent.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Common\FSMA32.exe [216000] [PID.4688] [MD5.3965100C898640D4C36C40EA1D9ED9E8] - (.F-Secure Corporation - F-Secure Scanner Manager 32-bit.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Anti-Virus\fssm32.exe [1236008] [PID.1272] [MD5.7D4B9A48430ED57ACA6373B71D5904CA] - (.Intel Corporation - IAStorDataSvc.) 
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6456] [MD5.A60D56228FF3EE7EC1A56A908924680E] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.4380] [MD5.A0153CC9D28568A10BDAEE5EC612CFC8] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4392] ~ Processes Running: Scanned in 00mn 04s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Veronique\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 0 Legitimates Filtered in 00mn 03s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr ~ IE Browser: 24 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;*.local;192.168.*.* =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49246;https=127.0.0.1:49246 =>Hijacker.Proxy R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ 
Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Lenovo EE Boot Optimizer] . (.Lenovo - Lenovo EE Boot Optimizer Software.) -- C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 7.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 7.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe O4 - HKLM\..\Run: [WrtMon.exe] . (.NewSoft Technology Corporation - NsWrtMon Microsoft Base Class Application.) -- C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll O4 - HKCU\..\Run: [Scan Buttons] . (.NewSoft Technology Corporation - Pmsb MFC Application.) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.exe O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) 
-- C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - HKCU\..\Run: [DVSSkypeRecorder] . (.DVDVideoSoft Ltd. - Free Video Call Recorder for Skype.) -- C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7CF5BF13BC3982AB4ECF516034F7A622] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Veronique\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - YouCam.) 
-- C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [LockKey] . (.Pas de propriétaire - LockKey.) -- C:\Program Files (x86)\LockKey\LockKey.exe O4 - HKLM\..\Wow6432Node\Run: [Lenovo Registration] . (.Lenovo, Inc. - Lenovo Registration.) -- C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Wow6432Node\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Common\FSM32.exe O4 - HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. - Dolby Profile Selector.) -- C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe O4 - HKLM\..\Wow6432Node\Run: [332BigDog] . (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera2\VM332_STI.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [PMSpeed] . (.NewSoft Technology Corporation - PMSpeed MFC Application.) 
-- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe O4 - HKLM\..\Wow6432Node\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe O4 - HKLM\..\Wow6432Node\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe O4 - HKLM\..\Wow6432Node\Run: [F-Secure Hoster (44996)] . (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\SFR\Pack Sécurité\fshoster32.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [Scan Buttons] . (.NewSoft Technology Corporation - Pmsb MFC Application.) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [SkyDrive] . 
(.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [DVSSkypeRecorder] . (.DVDVideoSoft Ltd. - Free Video Call Recorder for Skype.) -- C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [GoogleChromeAutoLaunch_7CF5BF13BC3982AB4ECF516034F7A622] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Veronique\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) 
-- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-788555336-229832542-2016462868-1001\..\RunOnce: [Uninstall C:\Users\Veronique\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation ~ Application: Scanned in 00mn 04s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{003ED88B-EFB7-45CB-8155-882FC45A5857}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{9C75FAC7-7376-42DB-8040-2DB79B88E61E}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{003ED88B-EFB7-45CB-8155-882FC45A5857}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{9C75FAC7-7376-42DB-8040-2DB79B88E61E}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{003ED88B-EFB7-45CB-8155-882FC45A5857}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9C75FAC7-7376-42DB-8040-2DB79B88E61E}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) 
-- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 340.) - C:\Windows\system32\nvinitx.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe O23 - Service: HiSuiteOuc64.exe (HiSuiteOuc64.exe) . (.Pas de propriétaire - s.) - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe ~ Services: 23 Legitimates Filtered in 00mn 17s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{47CA6159-E870-45C5-A40A-BB04F5AA9F28}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe (.not file.) [0] [MD5.6DE5B13C5BFCD14DFA33BF5CBB73FEE2] [APT] [{5676B6A9-F42E-49C9-BC60-CF14507D0F16}] (...) -- C:\Program Files (x86)\Google\Picasa3\Uninstall.exe [171419] [MD5.00000000000000000000000000000000] [APT] [{80B5CB35-2AE4-4308-9699-ABAE538063AF}] (...) -- C:\Users\Veronique\Downloads\GenAge2.0.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{DC81B07F-088B-4FB0-B673-93DA4D31ADB7}] (...) -- C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066] O39 - APT: - (..) 
-- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070] ~ Scheduled Task: 19 Legitimates Filtered in 00mn 07s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (fsvista) . (...) - C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys ~ Drivers: 78 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] [HKLM\Software\Wow6432Node\LockKey] ~ Key Software: 353 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04/10/2014 - 16:00:41 - [] ----D C:\Program Files (x86)\HiSuite O43 - CFD: 06/07/2012 - 07:32:26 - [] ----D C:\Program Files (x86)\LockKey O43 - CFD: 04/10/2014 - 16:00:41 - [] ----D C:\ProgramData\HandSetService O43 - CFD: 04/10/2014 - 16:00:34 - [] ----D C:\ProgramData\HiSuiteDataSvc O43 - CFD: 04/10/2014 - 16:00:40 - [] ----D C:\ProgramData\HiSuiteOuc O43 - CFD: 18/04/2013 - 17:50:02 - [] ----D C:\ProgramData\IM O43 - CFD: 18/04/2013 - 17:49:06 - [] ----D C:\ProgramData\IncrediMail O43 - CFD: 31/03/2014 - 10:28:47 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} O43 - CFD: 06/08/2014 - 19:00:46 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELIE5 O43 - CFD: 04/10/2014 - 16:00:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite O43 - CFD: 10/10/2011 - 09:19:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 20/11/2014 - 09:00:08 - [] ----D C:\Users\Veronique\AppData\Roaming\.oit O43 - CFD: 06/09/2014 - 08:58:30 - [] ----D C:\Users\Veronique\AppData\Roaming\AnyDesk O43 - CFD: 08/02/2014 - 12:35:57 - [] ----D C:\Users\Veronique\AppData\Roaming\Efficient Calendar Free O43 - CFD: 06/02/2014 - 17:01:27 - [] ----D C:\Users\Veronique\AppData\Roaming\Flo & Seb Engineering O43 - CFD: 13/11/2014 - 19:29:49 - [] -SH-D C:\Users\Veronique\AppData\Local\EmieBrowserModeList O43 - CFD: 18/10/2014 - 13:07:00 - [] ----D 
C:\Users\Veronique\AppData\Local\HiSuite O43 - CFD: 31/07/2014 - 09:18:36 - [] ----D C:\Users\Veronique\AppData\Local\Howard O43 - CFD: 18/04/2013 - 17:58:26 - [] ----D C:\Users\Veronique\AppData\Local\IM O43 - CFD: 08/05/2014 - 09:34:27 - [] ----D C:\Users\Veronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter ~ 29 Dossier CLSID vide (CLSID Empty Folder) ~ Program Folder: 340 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D156FE5E218FF2C69BDC8ACBFD7A5A78] - 20/11/2014 - 08:52:44 ---A- . (...) -- C:\Windows\System32\fastboot.set [690642] ~ Files: 74 Legitimates Filtered in 00mn 34s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{45841984-52a5-11e4-9b0d-08edb998c938}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:30/10/2014 - 10:09:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software O58 - SDL:30/10/2014 - 10:09:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software O58 - SDL:30/10/2014 - 10:09:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:15/01/2012 - 23:21:04 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) 
-- C:\Windows\System32\Drivers\ETD.sys [208168] O58 - SDL:17/09/2014 - 15:11:13 ---A- . (...) -- C:\Windows\System32\Drivers\fsbts.sys [56016] O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:05/06/2013 - 16:37:39 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [42248] O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632] O58 - SDL:31/03/2009 - 08:39:36 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392] ~ Drivers: 101 Legitimates Filtered in 00mn 08s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 14/11/2014 - 10:03:31 ---A- . (...) -- C:\Users\Veronique\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll [146760] O61 - LFC: 19/11/2014 - 10:03:30 ---A- . (...) -- C:\Users\Veronique\AppData\Local\Google\Chrome\User Data\EVWhitelist\4\_platform_specific\all\ev_hashes_whitelist.bin [713907] ~ 5187 Fichiers temporaires (Temporary files) ~ 14 Fichiers cookies (Cookies files) ~ Files: 89 Legitimates Filtered in 01mn 25s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 30/10/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID ~ Legacy: 114 Legitimates Filtered in 00mn 01s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.980F765AD63DA63A59C875BE63695B98] [SPRF][27/03/2013] (.Kevin Schneider - Easy Image Modifier 4.72.) -- C:\Program Files (x86)\EasyImageModifier.exe [1219584] ~ Files: 1 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 02/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Disabled 26/03/2012 572976 | (DamageGuardSvc) . (.Lenovo (Beijing) Limited.) - C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe SS - | Auto 19/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11/03/2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 08/08/2013 30184 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe SS - | Auto 15/09/2014 729608 | (Orange update Core Service) . (.Orange SA.) 
- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 30/10/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 01/02/2012 945440 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe SR - | Auto 17/12/2010 198784 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\Windows\system32\CxAudMsg64.exe SR - | Auto 18/03/2014 1970544 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe SR - | Auto 12/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe SR - | Auto 27/02/2012 151648 | (EPSON_PM_RPCV4_05) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.exe SR - | Auto 15/05/2013 191424 | (fshoster) . (.F-Secure Corporation.) - C:\Program Files (x86)\SFR\Pack Sécurité\fshoster32.exe SR - | Demand 14/08/2013 216000 | (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\SFR\Pack Sécurité\apps\ComputerSecurity\Common\FSMA32.exe SR - | Auto 25/06/2013 60352 | (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\SFR\Pack Sécurité\apps\CCF_Reputation\fsorsp.exe SR - | Auto 05/09/2014 138272 | (HiSuiteOuc64.exe) . (...) - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe SR - | Auto 05/09/2014 219680 | (HuaweiHiSuiteService64.exe) . (...) 
- C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe SR - | Auto 29/11/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 02/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Auto 28/02/2012 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 28/02/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 25/07/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 25/07/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 02/07/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 28/02/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 10s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Veronique at 20/11/2014 10:07:13 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Veronique at 20/11/2014 10:07:15 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13026 - (19/11/2014) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange C:\Users\Veronique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^ ~ Additionnel Scan: 256520 Items scanned in 00mn 31s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51) ~ AMI: 3 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter ~ MSI: 2 link(s) detected in 00mn 00s ---\\ Alert Messages WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool ~ 1191 Legitimates filtered by white list End of the scan (531 lines in 06mn 26s)(0)