Document format: text/plain

~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Jalliffier (01/11/2014 16:38:38)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17239

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 2.0.3.1025
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2927 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 76 GB (26%) free of 281 GB

---\\ Mode de connexion au système
~ Computer Name: JALLIFFIER-HP
~ User Name: Jalliffier
~ All Users Names: Jalliffier, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jalliffier\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jalliffier\AppData\Roaming\
~ %Desktop% : C:\Users\Jalliffier\Desktop\
~ %Favorites% : C:\Users\Jalliffier\Favorites\
~ %LocalAppData% : C:\Users\Jalliffier\AppData\Local\
~ %StartMenu% : C:\Users\Jalliffier\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 76 Go of 281 Go)
F: Hard drive, Flash drive, Thumb drive (Free 1 Go of 2 Go)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2014 - 11:52:06.) -- C:\Windows\System32\wininet.dll [2266624]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.04/03/2014 - 10:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/116
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/590
~ Mon Bureau (My Desktop) : 3/7432
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 16s



---\\ Processus lancés
[MD5.B18DD75D9A482A56A1E61D8512EB4206] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe [634192] [PID.2296]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.4108]
[MD5.270B6BFFDE7A8199DFEB9735BBB1918F] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968] [PID.4240]
[MD5.A66B6FF26F6651796A9B2E525CD9604E] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160] [PID.4256]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.4384]
[MD5.709D5D20E51073B63F90D0CE645DBB3F] - (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [11265536] [PID.4464]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4544]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4556]
[MD5.1A69BFFC814E701036041F244F95F28D] - (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472] [PID.4576]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.3944]
[MD5.CCC250711E6B5F998DC1B7393233A755] - (.Broadcom Corporation. - Bluetooth Headset Skype Proxy.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe [13600] [PID.4404]
[MD5.A57C8C7D1533BFF493FB2BBF07FBBEB3] - (.Portrait Displays, Inc - PDI SDK COM Server for x64/x86 interop.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe [70256] [PID.1280]
[MD5.66A4A7C7802E0968E07647999FFC87E2] - (.Google Inc. - Google Chrome.) -- C:\Users\Jalliffier\AppData\Local\Google\Chrome\Application\chrome.exe [854344] [PID.4640]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.7476]
[MD5.C9D858E20AE696E7A0D9A05B595F850A] - (.Hewlett-Packard - HPFSService Application.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984] [PID.852]
[MD5.5AFB3F9B74553BD933555E1C800D2CE1] - (.McAfee, Inc. - Drive Encryption for HP ProtectTools Servic.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192] [PID.888]
[MD5.0B0772247B85FC844A06498386E32F59] - (.Cisco Systems, Inc. - VPN Agent Service.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560528] [PID.1444]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1544]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1392]
[MD5.657E81DF0625198C97F91C09AE9611FC] - (.Hewlett-Packard Development Company, L.P - PTChangeFilterService.) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768] [PID.2128]
[MD5.94C74D758E0F7B1D962DA452B4D28C91] - (.Hewlett-Packard Company - HP DayStarter service.) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [90112] [PID.2716]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2892]
[MD5.BB4E55778D8DE3885E1CDAC795DE7BCE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2916]
[MD5.4A8CC4D25525F456069887D5E8C53225] - (.Portrait Displays, Inc. - pdisrvc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264] [PID.2956]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\windows\SysWOW64\PnkBstrA.exe [76888] [PID.2788]
[MD5.9EEA84226ED2A028BC3FDFDDE03FE95C] - (.ArcSoft, Inc. - ArcVCapture.) -- C:\windows\system\uArcCapture.exe [506472] [PID.1452]
[MD5.E6E9610D76418357A7EC725989687CB4] - (.McAfee, Inc. - Drive Encryption for HP ProtectTools Plugin.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512] [PID.3304]
[MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [1129760] [PID.3348]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4844]
[MD5.44AA8D5D3B3B5610FEF46CA8A9C52D8C] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.6376]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jalliffier\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [HPPowerAssistant] . (.Hewlett-Packard Company, L.P. - DelayedAppStarter.) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [orangeinside] . (...) -- C:\Users\Jalliffier\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jalliffier\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (.not file.)
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Wahoo] C:\Users\Jalliffier\AppData\Local\WahOO\Wahoo.exe (.not file.)
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jalliffier\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [File Sanitizer] . (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Wow6432Node\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] . (.Cisco Systems, Inc. - Cisco AnyConnect User Interface.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [orangeinside] . (...) -- C:\Users\Jalliffier\AppData\Roaming\Orange\OrangeInside\two\OrangeInside.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Jalliffier\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (.not file.)
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Jalliffier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Wahoo] C:\Users\Jalliffier\AppData\Local\WahOO\Wahoo.exe (.not file.)
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1281447494-601060173-2627765126-1002\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jalliffier\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD430554-BB79-4E9D-805A-393849E89DD3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002Core [926]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002UA [948]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002Core [1046]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1281447494-601060173-2627765126-1002UA [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForJalliffier [352]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: LudoColl - (.FdSoft.) [HKLM][64Bits] -- LUDOCOLL
O42 - Logiciel: Torrent2Exe - (.www.torrent2exe.com.) [HKCU][64Bits] -- Torrent2Exe
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FFWorld]
[HKCU\Software\Torrent2Exe.com]
[HKCU\Software\virtual_audio_capture]
~ Key Software: 284 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/01/2014 - 10:17:42 - [] ----D C:\Program Files (x86)\LudoColl
O43 - CFD: 29/01/2014 - 10:18:09 - [] ----D C:\ProgramData\LudoColl
O43 - CFD: 23/01/2014 - 18:12:52 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 18/10/2014 - 11:22:56 - [] ----D C:\Users\Jalliffier\AppData\Roaming\FFWorld Triple Triad
O43 - CFD: 16/10/2013 - 17:38:28 - [] ----D C:\Users\Jalliffier\AppData\Roaming\Torrent2Exe
O43 - CFD: 16/10/2013 - 17:38:28 - [0] ----D C:\Users\Jalliffier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent2Exe
~ 1170 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1394 Legitimates Filtered in 00mn 22s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7314C4A6D884135969DF81004A95BA40] - 30/10/2014 - 23:49:02 ---A- . (...) -- C:\log_Naruto Shippuden Intégrale des Films (HD 720p Mkv).log [163538236]
O44 - LFC:[MD5.DEBF509C4CF1A3F7424F4D87F0E87584] - 30/10/2014 - 23:49:03 ---A- . (...) -- C:\log_Furtif.Truefrench.Dvdrip.Xvid.AC3-FwD.avi.log [10485089]
O44 - LFC:[MD5.B8F5984031BCC470D369424419DC1F58] - 30/10/2014 - 23:49:03 ---A- . (...) -- C:\log_Maroon 5 - V [Deluxe Edition] (2014) FLAC.log [4848837]
O44 - LFC:[MD5.2E657087C27CEEE56F79E7800B8B5BEB] - 30/10/2014 - 23:49:07 ---A- . (...) -- C:\log_Naruto Shippuden - Saison 14 - Episode 333 a 356.log [41016446]
O44 - LFC:[MD5.1B0B6D9E9CFFFBCCA0035629FB8FBA79] - 30/10/2014 - 23:49:08 ---A- . (...) -- C:\log_Fiston.2014.RERiP.FRENCH.DVDRip.XviD-DesTroY.log [5257223]
O44 - LFC:[MD5.76E330842631DF7ABBE94FE02A068723] - 30/10/2014 - 23:49:09 ---A- . (...) -- C:\log_Once.Upon.A.Time.S02.FRENCH.LD.BDRip.XviD-MiND.log [59433938]
O44 - LFC:[MD5.0B438245ACF4D9F3B8392AE803296615] - 30/10/2014 - 23:49:14 ---A- . (...) -- C:\log_Casseurs Flowters – Orelsan Et Gringe Sont Les Casseur (2013).log [1160772]
O44 - LFC:[MD5.D5F3FA331FB9EFECF67054FE733954D5] - 30/10/2014 - 23:49:18 ---A- . (...) -- C:\log_Ellie Goulding - Lights (2010).log [3355449]
O44 - LFC:[MD5.4CB65BB12758A529D5E92CE9C015F8A1] - 30/10/2014 - 23:49:18 ---A- . (...) -- C:\log_Renaud - L'intégrale 1975-2003.log [10701158]
O44 - LFC:[MD5.28E3885554A2C0F08762A10C784599D9] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_Halcyon Days (Deluxe Edition).log [3066171]
O44 - LFC:[MD5.91DBE31E98DA8DAE8B34B4C6EE7E835D] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_Kyo - Integrale (2000 - 2007) [mp3 320Kbps].log [4958183]
O44 - LFC:[MD5.026B06128C19473484E94B94064E5EC3] - 30/10/2014 - 23:49:19 ---A- . (...) -- C:\log_VA - Divergent (Deluxe Edition) (2014, mp3).log [2112839]
O44 - LFC:[MD5.DF600656D042BE5362578E764BB19D20] - 30/10/2014 - 23:49:20 ---A- . (...) -- C:\log_Your Songs - VA (2014).log [3283072]
O44 - LFC:[MD5.37EECA1589A32640C0E565809238031A] - 30/10/2014 - 23:49:21 ---A- . (...) -- C:\log_FAUVE - VIEUX FRÈRES - PARTIE 1.log [737350]
O44 - LFC:[MD5.7F2446D70C33BB9B00E6BBD51724B3A9] - 30/10/2014 - 23:49:22 ---A- . (...) -- C:\log_Luc Arbogast - Odysseus (2013) FLAC.log [2773031]
O44 - LFC:[MD5.79CC1D7BC130DF539FA271BFEFC60168] - 31/10/2014 - 20:03:16 ---A- . (...) -- C:\log_Sam Smith - In the Lonely Hour (Deluxe Edition 2014).log [904617]
O44 - LFC:[MD5.2A7BFF6365AC7F5823823EF5853BDE6E] - 31/10/2014 - 20:03:22 ---A- . (...) -- C:\log_FAUVE - BLIZZARD [EP - 2013].log [740276]
O44 - LFC:[MD5.0324B9C50EF443B5086715ABAA6B8003] - 31/10/2014 - 20:03:37 ---A- . (...) -- C:\log_Luc arbogast - Oreflam [MP3][320KBPS].log [1988375]
O44 - LFC:[MD5.669D3E113423A359577889A8F1B7ABE6] - 31/10/2014 - 20:03:37 ---A- . (...) -- C:\log_saison 11.log [43787772]
O44 - LFC:[MD5.7F9FE0E9F53CFC816EF78957392B5A8E] - 31/10/2014 - 20:04:05 ---A- . (...) -- C:\log_Le Loup De Wall Street.mkv.log [5167000]
O44 - LFC:[MD5.0ADEFB210EE5C13AB216BAC8B8A355AA] - 31/10/2014 - 20:04:26 ---A- . (...) -- C:\log_Thor.Le.Monde.des.Ténèbres.(The.Dark.World).2013.BDRip.{x264+HE-AAC}{Fr-Eng-Com}{Sub.Fr-Eng-Ara-Com}-™.mkv.log [5318504]
O44 - LFC:[MD5.D04001B6305D6085DBEE8F12E6855091] - 31/10/2014 - 20:04:28 ---A- . (...) -- C:\log_Insanity Asylum Workout.log [38230786]
O44 - LFC:[MD5.F1D191E4EE41E0829D5D83EF1FB49F7E] - 31/10/2014 - 20:04:58 ---A- . (...) -- C:\log_Garou - Au Milieu De Ma Vie 2013 (Version Deluxe) Maxx.log [1888195]
O44 - LFC:[MD5.EE6B117111F9A43E196C02085F683897] - 31/10/2014 - 20:05:04 ---A- . (...) -- C:\log_le jour le plus long.avi.log [5254624]
O44 - LFC:[MD5.0B21936D6C76938F21DEA12800F013AB] - 31/10/2014 - 20:05:19 ---A- . (...) -- C:\log_9 Mois Ferme 2013 FRENCH BRRiP XviD-CARPEDIEM.log [6003463]
O44 - LFC:[MD5.C20880CFDCF9462BA87790E97C0C3D17] - 31/10/2014 - 20:07:58 ---A- . (...) -- C:\log_Perception.S01.FRENCH.LD.HDTV.XviD-MiND.log [27380344]
O44 - LFC:[MD5.AFDA8BF85E5C7C570B9B65D24E22FB93] - 31/10/2014 - 20:08:14 ---A- . (...) -- C:\log_Naruto Shippuden Saison 11.log [55282212]
O44 - LFC:[MD5.1ECAB5E7E2D3EA6A96F673EA68920691] - 31/10/2014 - 20:08:19 ---A- . (...) -- C:\log_Kyo - L'équilibre (2014).log [1634401]
O44 - LFC:[MD5.2AB1386DA73EEFD3C9EA4D719F254FCD] - 31/10/2014 - 20:08:38 ---A- . (...) -- C:\log_47 Ronin 2013 FRENCH BRRiP x264-CARPEDIEM.log [6096600]
O44 - LFC:[MD5.890A1FEE15A160390B034D05FC46441F] - 31/10/2014 - 20:09:59 ---A- . (...) -- C:\log_Naruto Shippuuden VOSTFR - S13 par Fansub-Resistance.log [44413183]
O44 - LFC:[MD5.32D42337060960D9FCD247EC7E9181FC] - 31/10/2014 - 20:10:00 ---A- . (...) -- C:\log_Frankenweenie 2012 TRUEFRENCH DVDRiP XViD-AViTECH.avi.log [5348657]
O44 - LFC:[MD5.839C0E13F5306854ADF0E172CB4099C3] - 31/10/2014 - 20:10:19 ---A- . (...) -- C:\log_naruto fansub resistance.log [44089525]
O44 - LFC:[MD5.29D3E19CBAB2F52DBFB4F7DAFF569DE9] - 31/10/2014 - 20:11:04 ---A- . (...) -- C:\log_Naruto Shippuden Saison 9.log [36959430]
O44 - LFC:[MD5.BD9B9A338EE9875BE051BED3551372A2] - 31/10/2014 - 20:11:33 ---A- . (...) -- C:\log_The Hobbit.The Desolation of Smaug-2013-TRUEFRENCH-BRRip.Xvid-h@mster(Le Hobbit.La désolation de Smaug).avi.log [7692996]
O44 - LFC:[MD5.4996C5D6648D9BBB64A075D21369F738] - 31/10/2014 - 20:11:50 ---A- . (...) -- C:\log_Snowpiercer-2013-FRENCH-BRRip.Xvid-h@mster.avi.log [6147196]
O44 - LFC:[MD5.B2EE1370B8AFC28AD9175B5D1C3138C5] - 31/10/2014 - 20:11:55 ---A- . (...) -- C:\log_Insanity Deluxe.log [61857031]
O44 - LFC:[MD5.2540F7D5F9E0D049B61DAC3B2F73A091] - 31/10/2014 - 20:12:02 ---A- . (...) -- C:\log_Naruto Shippuden Saison 12 VF 720p.log [49212416]
O44 - LFC:[MD5.70C2B8E022B3A09050F0965CD9CD2CB4] - 31/10/2014 - 20:12:31 ---A- . (...) -- C:\log_Albator Corsaire de l'espace-2013-TRUEFRENCH-BRRip.Xvid-h@mster(Space Pirate Captain Harlock).avi.log [5427459]
O44 - LFC:[MD5.A116AB907F3BE67199A7F72AB4E05A0B] - 31/10/2014 - 20:12:31 ---A- . (...) -- C:\log_Hunger Games.L'embrasement-2013-FRENCH-BRRip.Xvid-h@mster(The Hunger Games-Catching Fire).avi.log [6422615]
O44 - LFC:[MD5.459440A08AA7F8B238C75C1F4BEBBAE4] - 31/10/2014 - 20:12:37 ---A- . (...) -- C:\log_DRAGONS (2010).avi.log [5298295]
O44 - LFC:[MD5.FC91CDD642368D9CE9842D6FCFB8D93D] - 31/10/2014 - 20:12:45 ---A- . (...) -- C:\T2Exe.log [223558933]
~ Files: 58 Legitimates Filtered in 06mn 49s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{3bfd97f5-96cf-11e2-b043-e02a82d4122f}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336] =>.ALWIL Software
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [204880] =>.ALWIL Software
O58 - SDL:28/06/2013 - 09:41:23 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:24/08/2011 - 18:54:15 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [515584]
O58 - SDL:14/01/2013 - 11:26:00 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [36736]
O58 - SDL:07/12/2010 - 13:41:09 ---A- . (...) -- C:\Windows\System32\Drivers\wdfdfgc.sys [3120]
O58 - SDL:07/12/2010 - 13:41:09 ---A- . (...) -- C:\Windows\SysWOW64\drivers\wdfdfgc.sys [3120]
~ Drivers: 97 Legitimates Filtered in 00mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Jalliffier\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0E922BE6BC537BA106076ACBA6AFBC6E] [SPRF][17/09/2011] (...) -- C:\ProgramData\EB9B4F7F1D.sys [88]
[MD5.37B6D67A53AD829E29E50914BDC0F8A0] [SPRF][20/02/2012] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.FCD6C695C95BD74E0906BA44AFD39CC7] [SPRF][17/09/2011] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/11/2009 362040 | (FLCDLOCK) . (.Hewlett-Packard Ltd.) - c:\Windows\SysWOW64\flcdlock.exe
SS - | Auto 27/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 13/05/2013 270624 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SS - | Auto 01/10/2010 280120 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 14/12/2009 2019120 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\windows\system32\vcsFPService.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/08/2011 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 02/11/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 09/06/2010 952096 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Demand 01/02/2010 704512 | (DEBridge) . (.McAfee, Inc..) - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
SR - | Auto 16/07/2010 462160 | (DpHost) . (.DigitalPersona, Inc..) - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
SR - | Auto 17/08/2011 133176 | (HP Power Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
SR - | Auto 19/10/2010 32768 | (HP ProtectTools Service) . (.Hewlett-Packard Development Company, L.P.) - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 05/04/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 10/05/2010 90112 | (HPDayStarterService) . (.Hewlett-Packard Company.) - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
SR - | Auto 01/02/2010 281192 | (HpFkCryptService) . (.McAfee, Inc..) - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
SR - | Auto 12/12/2009 297984 | (HPFSService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/11/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/03/2011 113264 | (PdiService) . (.Portrait Displays, Inc..) - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe
SR - | Auto 24/08/2011 271360 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 04/12/2009 506472 | (uArcCapture) . (.ArcSoft, Inc..) - C:\windows\system\uArcCapture.exe
SR - | Auto 04/11/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 12/12/2013 560528 | (vpnagent) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 287307 Items scanned in 00mn 50s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



~ 2042 Legitimates filtered by white list
End of the scan (491 lines in 09mn 31s)(0)
