cjoint

Document format: text/plain


~ ZHPDiag v2015.3.1.25 report - Nicolas Coolman (2015-03-01)
~ Run by Eddy P (2015-03-03 16:09:44)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17633
MFIE: Mozilla Firefox 36.0
GCIE: Google Chrome v40.0.2214.115

---\\ Windows product information
~ Language: French
Windows Server License Manager Script : OK

---\\ System protection software
Avast Free Antivirus v10.0.2208
AVG 2011 v10.0.1204
Malwarebytes Anti-Malware version 2.0.4.1028
Secunia PSI

---\\ System optimization software
CCleaner v5.03

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 16 NPAPI
Adobe Reader XI

---\\ System information
~ Processor: Intel64 Family 6 Model 62 Stepping 4, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal
Total RAM: 16323 MB (69% free)
System Restore: Enabled
System drive C: has 173 GB (37%) free of 465 GB

---\\ System logon mode
~ Computer Name: AMDATHLON
~ User Name: Eddy P
~ All user names: Eddy P, Administrateur,
~ Unselected options: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Eddy P\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Eddy P\AppData\Roaming\
~ %Desktop% : C:\Users\Eddy P\Desktop\
~ %Favorites% : C:\Users\Eddy P\Favorites\
~ %LocalAppData% : C:\Users\Eddy P\AppData\Local\
~ %StartMenu% : C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 173 GB of 465 GB)
D: Hard drive, Flash drive, Thumb drive (Free 190 GB of 932 GB)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Free 15 GB of 15 GB)
H: Floppy drive, Flash card reader, USB Key (Free 7 GB of 7 GB)
I: CD-ROM drive (Free 0 GB of 0 GB)
Z: Hard drive, Flash drive, Thumb drive (Free 232 GB of 932 GB)



---\\ Windows Security Center status
~ Security Center: 49 legitimate entries filtered in 00mn 00s



---\\ Targeted search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9DFE41A69DF70AAB75CB5BA8C1109EA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2015-01-11 - 20:27:32.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-07-16 - 21:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 22:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-05-30 - 01:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 22:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-01-23 - 21:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 22:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2010-11-20 - 22:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.2014-11-10 - 20:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/947
~ My Music : 6/120
My Videos : 2/2 (Modified)
~ My Favorites : 1/1001
~ My Documents : 6/18439
~ My Desktop : 6/3538
~ Start Menu (Programs) : 1/81
~ Hidden Files: Scanned in 00mn 03s



---\\ Running processes
[MD5.7D6E1809C844B1D2AA02B6DCF1950084] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200] [PID.2740]
[MD5.B5E6433A4CBC10C019BD24452E79D054] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Eddy P\AppData\Roaming\Dropbox\bin\Dropbox.exe [42555824] [PID.1224]
[MD5.1CCCAD1593C1FD46B46F9E705B4EEBF8] - (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe [947712] [PID.1992]
[MD5.067E46B329DC3E6D1A8E82F0769E5BF6] - (.Thought Communications, Inc. - FaxTalk CallControl.) -- C:\Program Files (x86)\FaxTalk\FTclctrl.exe [120672] [PID.3140]
[MD5.44ADDA5FB88EE14F57A246285775AC2F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5227112] [PID.3192]
[MD5.6DEF3394D1EE006FAC1B4ABADC1D4793] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800] [PID.3204]
[MD5.0C04D13438560D24EA3A97BD7B26B5B7] - (.RaMMicHaeL - Unchecky Background Process.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [402536] [PID.5868]
[MD5.046CA262E8D521A1B050566E330B7178] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504] [PID.5464]
[MD5.11244837251AB1255A80DA14AEB45BD3] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [102088] [PID.7072]
[MD5.E8592697D55B515379F781FAF199C73A] - (.Pelmorex Media Inc. - No description.) -- C:\Users\Eddy P\AppData\Local\MétéoMédia\weathereye.exe [310920] [PID.8920]
[MD5.F79AAB172AC180C9BE0C7A8799B7F18B] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256] [PID.8576]
[MD5.A81733155A2172E9E1DDA9935E088554] - (.Magex Technologies - Proprio Expert.) -- C:\Program Files (x86)\Magex Technologies\Proprio Expert\ProprioExpert.exe [18014208] [PID.5416]
[MD5.B9D6D7E6E5C4FCD8DD7F88EC9D563085] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592] [PID.9480]
[MD5.105C276BB7B43501225C419B062096D0] - (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816] [PID.4208]
[MD5.04E66EE5570C1E8C838261BA36681B99] - (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe [5723464] [PID.5756]
[MD5.363BC25BACB34E9D40441968B1B3D5BE] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815288] [PID.4572]
[MD5.A6D3940CE894FA561EFE1A159B46FB74] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.3112]
[MD5.E8B7FD67DA14A7BE57A5CB80E3139E60] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309704] [PID.8880]
[MD5.F82DEDD741643B437767BD93C241F8CB] - (.LastPass - LastPass Tray Icon.) -- C:\Users\Eddy P\AppData\LocalLow\LastPass\LastPassBroker.exe [11277880] [PID.7880]
[MD5.1ADAB4A9071A474CAC06509EB901E820] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8182784] [PID.10388]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Eddy P\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folder list
~ Google Lines Browser: 0 legitimate entries filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@hola.org/vlc,version=1.6.861] - (...) -- (.not file.)
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (.Vitzo - VDownloader browser plug-in.) -- C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
~ Firefox browser: 32 legitimate entries filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cyberpresse.ca
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
~ IE browser: 24 legitimate entries filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (61)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) [64Bits] - {42ad2408-abba-2408-1972-4706560e817b} Orphan key
O2 - BHO: LastPass Vault [64Bits] - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} . (.LastPass - LastPass Toolbar.) -- C:\Program Files (x86)\LastPass\LPToolbar.dll =>Toolbar.LastPass
~ BHO: 23 legitimate entries filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Desktop [Public]: Replay Media Catcher 6.lnk . (.Jaksta Technologies Pty Ltd - Replay Media Catcher 6.) -- C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe =>PUP.ApplianTechnologies
O4 - GS\TaskBar [Eddy P]: Replay Media Catcher 6.lnk . (.Jaksta Technologies Pty Ltd - Replay Media Catcher 6.) -- C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe =>PUP.ApplianTechnologies
O4 - GS\Desktop [Eddy P]: Replay Media Catcher 5.lnk . (.Jaksta Technologies Pty Ltd - Replay Media Catcher 5.) -- C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe =>PUP.ApplianTechnologies
~ Global Startup: 3 legitimate entries filtered in 00mn 01s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - No description.) -- C:\Users\Eddy P\AppData\Local\MétéoMédia\WeatherEye.exe
O4 - HKCU\..\Run: [Rainlendar2] . (.No owner - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [agentantidote.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote64.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe
O4 - HKLM\..\Wow6432Node\Run: [FaxTalk Messenger Pro 8] . (.Thought Communications, Inc. - FaxTalk CallControl.) -- C:\Program Files (x86)\FaxTalk\FTClCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - No description.) -- C:\Users\Eddy P\AppData\Local\MétéoMédia\WeatherEye.exe
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [Rainlendar2] . (.No owner - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3648730043-149949118-2077670278-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~3\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~3\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{55a0fd4e-023d-4a25-af1c-e29b7fffef0e}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpDomain = no-domain-set.bellcanada
O17 - HKLM\System\CS1\Services\Tcpip\..\{55a0fd4e-023d-4a25-af1c-e29b7fffef0e}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpDomain = no-domain-set.bellcanada
O17 - HKLM\System\CS2\Services\Tcpip\..\{55a0fd4e-023d-4a25-af1c-e29b7fffef0e}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F9C3F04B-BEB4-4949-9A7E-A94279C84084}: DhcpDomain = no-domain-set.bellcanada
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
~ Additional protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (.Jaksta Technologies Pty Ltd - Jaksta audio capture.) - C:\Windows\Jaksta\AC\x64\jaudcap.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) . (.Foxit Software Inc. - Foxit Cloud Safe Update Service.) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: HauppaugeTVServer (HauppaugeTVServer) . (.Hauppauge Computer Works - Hauppauge TV Server.) - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
~ Services: 29 legitimate entries filtered in 00mn 10s



---\\ Automatic scheduled tasks (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\Defraggler Volume D Task.job [296]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Defraggler Volume D Task [296]
O39 - APT: - (..) -- C:\Windows\Tasks\GBM - GBM Backup all files-Full.job [410]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GBM - GBM Backup all files-Full [410]
O39 - APT: - (..) -- C:\Windows\Tasks\GBM - Weekly backup on F-Full.job [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GBM - Weekly backup on F-Full [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize [326]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Google Software Updater [1014]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\Paragon Archive name Paragon Backup A-sur Disque D.job [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Paragon Archive name Paragon Backup A-sur Disque D [904]
O39 - APT: - (..) -- C:\Windows\Tasks\Paragon Archive name Paragon Backup A-sur DisqueZ.job [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Paragon Archive name Paragon Backup A-sur DisqueZ [904]
O39 - APT: - (..) -- C:\Windows\Tasks\Paragon Archive name Paragon Backup B-sur Disque D.job [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Paragon Archive name Paragon Backup B-sur Disque D [904]
O39 - APT: - (..) -- C:\Windows\Tasks\Paragon Archive name Paragon Backup B-sur Disque Z.job [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Paragon Archive name Paragon Backup B-sur Disque Z [904]
~ Scheduled tasks: 12 legitimate entries filtered in 00mn 00s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO32 Kernel Driver.) - C:\Program Files (x86)\HWiNFO32\HWiNFO64A.sys
O41 - Driver: (PSSDK42) . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) - C:\Windows\system32\Drivers\pssdk42.sys
O41 - Driver: (PSSDKLBF) . (.microOLAP Technologies LTD - PSSDK Driver LoopBack v4.2 64bit.) - C:\Windows\system32\Drivers\pssdklbf.sys
O41 - Driver: (UimBus) . (...) - C:\Windows\System32\DRIVERS\UimBus.sys
O41 - Driver: (Uim_DEVIM) . (...) - C:\Windows\System32\DRIVERS\uim_devim.sys
O41 - Driver: (Uim_IM) . (...) - C:\Windows\System32\DRIVERS\uim_im.sys
~ Drivers: 123 legitimate entries filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: Beneton Movie GIF 1.1.2 - (.Beneton Software.) [HKLM][64Bits] -- Beneton Movie GIF_is1
O42 - Software: Digital Video Repair 2.2.4.0 - (.Rising Research.) [HKLM][64Bits] -- DigitalVideoRepair_is1
O42 - Software: OverPlay VPN - (.OverPlay.net, LP..) [HKCU][64Bits] -- 006adc251e9a903c
O42 - Software: PowerOff 1.3.0 - (...) [HKLM][64Bits] -- PowerOff_is1
O42 - Software: SanDiskSecureAccess_Manager.exe - (.DMAILER.) [HKCU][64Bits] -- @@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe
O42 - Software: V.92 PCI Voice Faxmodem - (...) [HKLM][64Bits] -- CXT10B4
~ Software: 38 legitimate entries filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5a7db446]
[HKCU\Software\APN PIP]
[HKCU\Software\CC]
[HKCU\Software\DebugNano]
[HKCU\Software\MeadCo]
[HKCU\Software\Preview]
[HKCU\Software\Reg]
[HKCU\Software\WezzaR]
[HKCU\Software\Yetisoft]
[HKCU\Software\nanocosmos]
[HKCU\Software\undefined]
[HKLM\Software\Wow6432Node\4e8]
[HKLM\Software\Wow6432Node\AcroPano]
[HKLM\Software\Wow6432Node\DebugNano]
[HKLM\Software\Wow6432Node\Dynasoft]
[HKLM\Software\Wow6432Node\MeadCo]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\WezzaR]
~ Key Software: 844 legitimate entries filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 2012-03-20 - 09:54:56 - [] ----D C:\Program Files (x86)\AcroPano
O43 - CFD: 2014-10-31 - 07:58:21 - [] ----D C:\Program Files (x86)\Alerte Dolphin
O43 - CFD: 2015-02-14 - 23:10:44 - [] ----D C:\Program Files (x86)\Any Video Recorder
O43 - CFD: 2015-01-19 - 22:34:36 - [] ----D C:\Program Files (x86)\Beneton Movie GIF
O43 - CFD: 2014-03-16 - 15:29:29 - [] ----D C:\Program Files (x86)\MEDIADICO
O43 - CFD: 2012-05-07 - 10:44:02 - [] ----D C:\Program Files (x86)\PCsensor
O43 - CFD: 2014-10-31 - 07:58:42 - [] ----D C:\Program Files (x86)\Portable
O43 - CFD: 2014-10-31 - 07:58:42 - [] ----D C:\Program Files (x86)\PowerOff
O43 - CFD: 2015-01-06 - 17:26:25 - [] ----D C:\Program Files (x86)\PrivateVPN
O43 - CFD: 2013-12-06 - 01:57:37 - [0] ----D C:\Program Files (x86)\PSupport
O43 - CFD: 2014-12-10 - 12:08:08 - [] ----D C:\Program Files (x86)\Repair File
O43 - CFD: 2011-01-22 - 16:37:28 - [0] ----D C:\Program Files (x86)\Simple Shutdown Scheduler
O43 - CFD: 2015-03-03 - 14:12:53 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 2015-01-25 - 16:00:45 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2014-10-31 - 07:58:49 - [] ----D C:\ProgramData\chmview
O43 - CFD: 2014-10-31 - 07:58:49 - [] ----D C:\ProgramData\complexbackup
O43 - CFD: 2014-10-31 - 07:58:49 - [] ----D C:\ProgramData\createpart
O43 - CFD: 2015-02-20 - 14:27:53 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 2014-10-31 - 07:58:49 - [] ----D C:\ProgramData\ftw
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\newbackup
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\newrestore
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\PCFaxTx
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\restore
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\rmbwizard
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\scripts
O43 - CFD: 2014-10-31 - 07:58:53 - [] ----D C:\ProgramData\vmcreate
O43 - CFD: 2014-12-02 - 16:25:00 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ Boot Disk
O43 - CFD: 2015-02-14 - 23:10:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beneton Movie GIF
O43 - CFD: 2014-12-13 - 00:06:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outil de mise à jour Google
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pilotes de scanneur ISIS
O43 - CFD: 2014-10-31 - 07:58:52 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerOff
O43 - CFD: 2011-04-12 - 04:28:08 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2014-09-23 - 14:07:20 - [] ----D C:\Users\Eddy P\AppData\Roaming\0F1L1I1P0H1L1E1E1F
O43 - CFD: 2012-02-09 - 16:02:37 - [0] ----D C:\Users\Eddy P\AppData\Roaming\My Streaming Media
O43 - CFD: 2014-10-31 - 07:59:11 - [] ----D C:\Users\Eddy P\AppData\Roaming\OverPlay.net, LP
O43 - CFD: 2011-01-22 - 16:38:10 - [0] ----D C:\Users\Eddy P\AppData\Roaming\SimpleShutdownScheduler
O43 - CFD: 2011-10-10 - 15:46:51 - [] ----D C:\Users\Eddy P\AppData\Roaming\T-App
O43 - CFD: 2014-10-31 - 07:59:14 - [] ----D C:\Users\Eddy P\AppData\Roaming\WMBrowser
O43 - CFD: 2014-10-31 - 07:59:14 - [] ----D C:\Users\Eddy P\AppData\Roaming\YoutubeToMp3Converter
O43 - CFD: 2015-01-18 - 22:52:44 - [] ----D C:\Users\Eddy P\AppData\Local\Arun Programs
O43 - CFD: 2015-01-19 - 14:08:31 - [] ----D C:\Users\Eddy P\AppData\Local\Created_By-___Arun_Yadav_
O43 - CFD: 2014-11-12 - 11:16:57 - [] -SH-D C:\Users\Eddy P\AppData\Local\EmieBrowserModeList
O43 - CFD: 2011-08-16 - 13:13:03 - [] ----D C:\Users\Eddy P\AppData\Local\ICS
O43 - CFD: 2014-10-31 - 07:59:04 - [] ----D C:\Users\Eddy P\AppData\Local\QuickStores
O43 - CFD: 2011-01-22 - 16:38:10 - [0] ----D C:\Users\Eddy P\AppData\Local\SimpleShutdownScheduler
O43 - CFD: 2011-08-16 - 13:13:45 - [] ----D C:\Users\Eddy P\AppData\Local\TheWeatherNetwork
O43 - CFD: 2011-01-25 - 15:41:59 - [0] ----D C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
O43 - CFD: 2014-10-31 - 07:59:11 - [] ----D C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OverPlay.net, LP
O43 - CFD: 2014-10-31 - 07:59:11 - [] ----D C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCradio
O43 - CFD: 2015-02-06 - 14:36:30 - [0] ----D C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Post in top
O43 - CFD: 2011-07-11 - 15:05:58 - [0] ----D C:\Users\Eddy P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheWeatherNetwork
~ Program Folder: 615 legitimate entries filtered in 00mn 00s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.AC4319D9F19167D95E7A3B23EAA6ADCD] - 2015-02-18 - 16:11:02 ---A- . (...) -- C:\Windows\ODBC.INI [489]
O44 - LFC:[MD5.72CA12E3AE533B262F488053FE07FA3C] - 2015-02-19 - 15:46:28 ---A- . (...) -- C:\Windows\BRRBCOM.INI [7891]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2015-03-03 - 04:00:03 ---A- . (...) -- C:\Windows\System32\LogMsg.txt [0]
O44 - LFC:[MD5.2C0F45A8507015961F1DA0C12F3E198D] - 2015-03-03 - 04:00:03 ---A- . (...) -- C:\Windows\System32\LogVss.txt [82]
O44 - LFC:[MD5.7737105E83875C5462EF02A225FE45BF] - 2015-03-03 - 04:00:04 -SHA- . (...) -- C:\EUMONBMP.SYS [476672]
O44 - LFC:[MD5.6DFDFB74BB491F8B25ED57D9C96D33B7] - 2015-03-03 - 05:30:05 -SHA- . (...) -- C:\{7D5A1F84-0600-4EC2-B0D2-E98F5D021596}.CBM [480256]
O44 - LFC:[MD5.0007B3CB74A0C6B156A0B303B4D1D10C] - 2015-03-03 - 05:30:05 -SHA- . (...) -- C:\{A3BFB902-31DF-49A1-9A7C-F74E10135DC0}.CBM [4096]
O44 - LFC:[MD5.5DE4E580E49D4E01F0905E39C8399F85] - 2015-03-03 - 12:58:12 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [26784]
O44 - LFC:[MD5.5DE4E580E49D4E01F0905E39C8399F85] - 2015-03-03 - 12:58:12 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [26784]
~ Files: 21 legitimate entries filtered in 00mn 01s



---\\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 legitimate entries filtered in 00mn 00s



---\\ Driver infection search (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 14 legitimate entries filtered in 00mn 00s



---\\ StartupReg registry key enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BitTorrent [Key] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Eddy P\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\CanonSolutionMenu [Key] . (...) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DriverMax [Key] . (...) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DriverMax_RESTART [Key] . (...) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HDD Regenerator [Key] . (...) -- C:\Program Files (x86)\HDD Regenerator\Shell.exe
O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (...) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (...) -- C:\PROGRA~3\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\nmapp [Key] . (...) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\nmctxth [Key] . (...) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Samsung PanelMgr [Key] . (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
O53 - SMSR:HKLM\...\startupreg\Smart File Advisor [Key] . (...) -- C:\Program Files (x86)\Smart File Advisor\sfa.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\zzzHPSETUP [Key] . (...) -- F:\Setup.exe (.not file.) =>.Nicolas Coolman
~ SMSR Keys: 84 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:2015-01-19 - 16:16:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:2015-01-19 - 16:16:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:2015-01-19 - 16:16:14 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:2011-08-08 - 13:13:12 ---A- . (.SysProgs.org - WinCDEmu virtual CDROM bus.) -- C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [198480]
O58 - SDL:2008-12-07 - 11:44:56 ---A- . (...) -- C:\Windows\System32\Drivers\btnetBus.sys [35848]
O58 - SDL:2011-11-04 - 15:00:00 ---A- . (.www.winchiphead.com - WDM_64 for CH341 serial, by W.ch.) -- C:\Windows\System32\Drivers\CH341S64.SYS [58368]
O58 - SDL:2009-07-13 - 20:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:2011-03-06 - 18:26:12 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [683136]
O58 - SDL:2011-03-06 - 18:25:18 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [1189504]
O58 - SDL:2014-12-15 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [60968]
O58 - SDL:2014-12-15 - 00:59:40 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [48168]
O58 - SDL:2014-12-15 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [18472]
O58 - SDL:2014-12-15 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [192040]
O58 - SDL:2010-09-20 - 07:28:42 ---A- . (.Hauppauge Computer Works, Inc - Cx418 Raptor Driver.) -- C:\Windows\System32\Drivers\hcw18bda.sys [912896]
O58 - SDL:2009-06-10 - 15:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:2013-06-20 - 20:07:16 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [46792]
O58 - SDL:2014-12-08 - 21:58:34 ---A- . (.e2eSoft - Kernel mode WDM driver.) -- C:\Windows\System32\Drivers\jaksta_va.sys [103816]
O58 - SDL:2007-05-11 - 17:29:18 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30496]
O58 - SDL:2013-02-28 - 20:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:2010-09-01 - 03:30:58 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf.sys [17976]
O58 - SDL:2015-02-14 - 16:08:38 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdk42.sys [53312]
O58 - SDL:2015-02-14 - 16:08:38 ---A- . (.microOLAP Technologies LTD - PSSDK Driver LoopBack v4.2 64bit.) -- C:\Windows\System32\Drivers\pssdklbf.sys [65600]
O58 - SDL:2014-11-19 - 14:59:00 ---A- . (.Audials AG - Filter Driver.) -- C:\Windows\System32\Drivers\RrNetCapFilterDriver.sys [24744]
O58 - SDL:2012-11-10 - 01:00:08 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:2009-07-13 - 20:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:2010-02-18 - 09:28:18 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:2013-06-20 - 20:09:46 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:2010-10-04 - 09:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:2014-09-14 - 23:56:44 ---A- . (...) -- C:\Windows\System32\Drivers\UimBus.sys [102664]
O58 - SDL:2014-09-14 - 23:56:44 ---A- . (...) -- C:\Windows\System32\Drivers\UimFIO.sys [556552]
O58 - SDL:2012-09-03 - 17:51:08 ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) -- C:\Windows\System32\Drivers\uimx64.sys [90960]
O58 - SDL:2014-09-14 - 23:56:44 ---A- . (...) -- C:\Windows\System32\Drivers\uim_devim.sys [25992]
O58 - SDL:2014-09-14 - 23:56:44 ---A- . (...) -- C:\Windows\System32\Drivers\uim_im.sys [700680]
O58 - SDL:2012-12-13 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:2013-02-25 - 03:12:08 ---A- . (.WinISO.com - WinISO Virtual CD Drive.) -- C:\Windows\System32\Drivers\WinisoCDBus.sys [204032]
O58 - SDL:2013-09-04 - 11:25:12 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- C:\Windows\System32\Drivers\xssflt.sys [87112]
O58 - SDL:2014-11-18 - 14:39:06 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [18528]
O58 - SDL:2014-11-18 - 14:39:06 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [10848]
O58 - SDL:2012-08-20 - 09:48:50 ---A- . (...) -- C:\Windows\System32\pwdrvio.sys [19032]
O58 - SDL:2012-08-20 - 09:48:48 ---A- . (...) -- C:\Windows\System32\pwdspio.sys [12384]
O58 - SDL:2008-01-04 - 00:34:42 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:2008-01-04 - 00:34:48 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:2012-08-22 - 04:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:2013-01-14 - 21:52:27 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:2009-04-02 - 07:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:2004-11-02 - 03:24:02 ---A- . (.Pas de propriétaire - mtlmnt5 driver.) -- C:\Windows\SysWOW64\drivers\mtlmnt5.sys [229720]
O58 - SDL:2004-11-02 - 03:17:28 ---A- . (.Pas de propriétaire - Data pump driver.) -- C:\Windows\SysWOW64\drivers\mtlstrm.sys [1396048]
O58 - SDL:2004-11-02 - 03:26:38 ---A- . (.Pas de propriétaire - Recorder agent driver.) -- C:\Windows\SysWOW64\drivers\RecAgent.sys [14520]
O58 - SDL:2004-11-02 - 03:27:02 ---A- . (.Pas de propriétaire - slnt7554 driver.) -- C:\Windows\SysWOW64\drivers\slnt7554.sys [224888]
O58 - SDL:2004-11-02 - 03:19:02 ---A- . (.Pas de propriétaire - HAL driver.) -- C:\Windows\SysWOW64\drivers\slnthal.sys [100176]
O58 - SDL:2004-11-02 - 03:07:52 ---A- . (.Pas de propriétaire - SlWdmSup driver.) -- C:\Windows\SysWOW64\drivers\slwdmsup.sys [13216]
O58 - SDL:2007-10-25 - 17:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:2010-10-04 - 09:40:18 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
O58 - SDL:2014-11-18 - 14:39:08 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14944]
O58 - SDL:2014-11-18 - 14:39:08 ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [10208]
~ Drivers: 179 Legitimates Filtered in 00mn 00s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Legacy registry services list (LALS) (O64)
O64 - Services: CurCS - 2015-01-19 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 2014-12-15 - C:\Windows\System32\drivers\EUBKMON.sys (EUBKMON) .(...) - LEGACY_EUBKMON
O64 - Services: CurCS - 2014-12-15 - C:\Windows\system32\drivers\eudskacs.sys (EUDSKACS) .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) - LEGACY_EUDSKACS
O64 - Services: CurCS - 2014-12-15 - C:\Windows\system32\drivers\EuFdDisk.sys (EUFDDISK) .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) - LEGACY_EUFDDISK
O64 - Services: CurCS - 2009-06-10 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 2013-02-25 - C:\Windows\System32\drivers\WinisoCDBus.sys (WinisoCDBus) .(.WinISO.com - WinISO Virtual CD Drive.) - LEGACY_WINISOCDBUS
~ Legacy: 126 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Users\Eddy P\AppData\Local\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Web browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {11BBB4F2-FEE7-49AC-A351-2CF01C2E82C4} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {91A72D8E-CD3C-46C1-943B-D894058EB207} - ((www.google.com) Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Special search at the system root (SPRF) (O84)
[MD5.3443667C697FB533C238EB528BDA9B0E] [SPRF][2015-03-03] (...) -- C:\Users\Eddy P\Desktop\Registre Adwcleaner-03-03-15-12.47 h.reg [553528702]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [SPRF][2011-01-11] (...) -- C:\Windows\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.8F79F824B63626B4BD32016F61AB15ED] [SPRF][2011-03-21] (...) -- C:\Windows\Downloaded Program Files\RACtrl.dll [4097424]
~ Files: 13 Legitimates Filtered in 00mn 02s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{C4F4DCEE-AE56-4ABF-92E3-FAC5EAC13A7C}C:\program files (x86)\bittorrent\bittorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\program files (x86)\bittorrent\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{4776DD6E-90B2-4BC7-BD6F-F9D4ADC7C587}C:\program files (x86)\bittorrent\bittorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\program files (x86)\bittorrent\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{53DED73A-0944-4560-BB8A-E5375C282A3E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Eddy P\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D782ECB5-0E70-4F35-BF7D-2351E7A90886}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Eddy P\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Enumeration of NameSpace key data (MNS) (O92)
O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2010-03-18 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Disabled 2010-03-27 1054568 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SS - | Disabled 2015-02-07 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 2010-12-16 2480048 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 2009-03-27 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Disabled 2013-04-29 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Demand 2013-09-25 282112 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SS - | Disabled 2012-10-02 240584 | (DTSAudioSvc) . (.DTS, Inc.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
SS - | Auto 2014-10-18 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2014-10-18 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 2012-08-15 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 2013-05-08 82144 | (hddrsrv) . (...) - C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
SS - | Disabled 2014-01-08 285795 | (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Demand 2009-07-13 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 2013-08-27 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 2014-03-24 357144 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Disabled 2014-12-16 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 2013-02-28 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Disabled 2010-12-21 987704 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\psia.exe
SS - | Disabled 2010-12-21 399416 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\sua.exe
SS - | Auto 2015-01-02 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 2012-01-18 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SS - | Auto 1658-07-22 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 2009-07-13 27136 | C:\Windows\SysWOW64\ACFXAU64.dll (AcfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 2014-12-19 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2015-01-19 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2013-09-17 951936 | (asHmComSvc) . (.ASUSTeK Computer Inc..) - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
SR - | Auto 2015-01-19 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 2015-01-19 4012248 | (AvastVBoxSvc) . (.Avast Software.) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2014-06-12 64624 | (CGVPNCliService) . (.CyberGhost S.R.L.) - C:\Program Files\CyberGhost 5\Service.exe
SR - | Auto 2014-12-15 37416 | (EaseUS Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
SR - | Auto 2011-09-23 33120 | (FaxTalk Messenger Pro 8) . (.Thought Communications, Inc..) - C:\Program Files (x86)\FaxTalk\FTmsgsvc.exe
SR - | Auto 2014-10-28 244448 | (FoxitCloudUpdateService) . (.Foxit Software Inc..) - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
SR - | Auto 2014-11-13 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 2014-09-16 1149760 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Auto 2014-02-04 582144 | (HauppaugeTVServer) . (.Hauppauge Computer Works.) - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
SR - | Auto 2007-07-13 111912 | (hnmsvc) . (.SingleClick Systems.) - C:\Program Files (x86)\SingleClick Systems\HomeNet Manager\hnm_svc.exe
SR - | Auto 2013-11-21 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2013-08-27 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 2014-07-09 261896 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\Windows\system32\IProsetMonitor.exe
SR - | Demand 2015-02-13 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2014-06-24 154584 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2014-06-24 405976 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2014-10-15 2820424 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 2014-09-16 1796928 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 2014-09-16 19440960 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 2015-02-05 935056 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 2015-02-05 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 2014-11-28 5419792 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 2015-01-20 126568 | (Unchecky) . (.RaMMicHaeL.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
SR - | Auto 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ CD/DVD emulator list (MBR Hook)
O58 - SDL:2012-11-10 - 01:00:08 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulators: Scanned in 00mn 06s



---\\ Additional Scan (O88)
Database Version : 13008 - (2015-03-01)
Keys found : 3
Values found : 3
Folders found : 0
Files found : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}] =>Toolbar.LastPass^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additional Scan: 552386 Items scanned in 00mn 45s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/33962622-toolbar-lastpass =>Toolbar.LastPass
http://www.nicolascoolman.fr/blog/ =>PUP.ApplianTechnologies
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 3 link(s) detected in 00mn 00s



~ 1851 Legitimates filtered by white list
End of the scan (685 lines in 01mn 25s)(0.2)
