Publicité
Publicité
Format du document : text/plain
Prévisualisation
[MD5.BD9C7A068C46053F8747CEA73B5930AB] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\WINDOWS\Syswow64\dnsapi.dll [498688] ©
[MD5.E3991000CCB56570294236D11A3C19BE] - (.VMware, Inc. - VMware NAT Service.) -- C:\WINDOWS\SysWOW64\vmnat.exe [436304] [PID.1512] ©
[MD5.8285080A268210D8CE9BA96B210E2013] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe [357456] [PID.1376] ©
P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll ©
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe ©
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ©
O4 - HKUS\S-1-5-21-3785648691-151480824-1680477625-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe ©
O23 - Service: Arp Intelligent Protection Service (AIPS) . (...) - C:\Program Files (x86)\netcut\services\AIPS.exe (.not file.)
O23 - Service: VMware DHCP Service (VMnetDHCP) . (...) - C:\WINDOWS\System32\vmnetdhcp.exe (.not file.)
O23 - Service: VMware NAT Service (VMware NAT Service) . (...) - C:\WINDOWS\System32\vmnat.exe (.not file.)
O23 - Service: @C:\Program Files (x86)\Windows Defender\MpAsDesc.dll,-310 (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (.not file.)
O42 - Logiciel: HP LaserJet 1020 Series - (...) [HKLM][64Bits] -- HP LaserJet 1020 Series
HKLM\SOFTWARE\Wow6432Node\AppDataLow
HKLM\SOFTWARE\Wow6432Node\Arcai
HKLM\SOFTWARE\Wow6432Node\BenVista
HKLM\SOFTWARE\Wow6432Node\Disc Soft
HKLM\SOFTWARE\Wow6432Node\Electronic Arts
HKLM\SOFTWARE\Wow6432Node\Freemake
HKLM\SOFTWARE\Wow6432Node\GNU
HKLM\SOFTWARE\Wow6432Node\GOG.com
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\Internet Download Manager
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Macrovision
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)
HKLM\SOFTWARE\Wow6432Node\MC2
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\MVL
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\Panda Security
HKLM\SOFTWARE\Wow6432Node\Panda Software
HKLM\SOFTWARE\Wow6432Node\PostgreSQL
HKLM\SOFTWARE\Wow6432Node\PostgreSQL Global Development Group
HKLM\SOFTWARE\Wow6432Node\PowerPivot
HKLM\SOFTWARE\Wow6432Node\Rebellion
HKLM\SOFTWARE\Wow6432Node\Skype
HKLM\SOFTWARE\Wow6432Node\TechSmith
HKLM\SOFTWARE\Wow6432Node\ThinPrint
HKLM\SOFTWARE\Wow6432Node\VMware, Inc.
HKLM\SOFTWARE\Wow6432Node\Wise Solutions
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\BenVista
HKCU\SOFTWARE\Bitdefender
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Wow6432Node
O43 - CFD: 2014/07/12 23:55:02 - [] D -- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2014/06/17 16:13:52 - [] D -- C:\ProgramData\Internet Mobile
O43 - CFD: 2014/02/12 17:16:24 - [] D -- C:\ProgramData\Internet Mobile+
O43 - CFD: 2014/05/30 18:29:08 - [] D -- C:\ProgramData\RogueKiller
O43 - CFD: 2014/07/01 17:05:17 - [] D -- C:\ProgramData\Ubisoft
O43 - CFD: 2015/07/08 18:07:27 - [] D -- C:\Users\Yassin\AppData\Roaming\Mozilla
O43 - CFD: 2015/03/24 00:50:39 - [] D -- C:\Users\Yassin\AppData\Roaming\Process Hacker 2
O43 - CFD: 2014/05/30 17:03:39 - [] D -- C:\Users\Yassin\AppData\Roaming\QuickScan
O43 - CFD: 2014/05/14 11:18:45 - [] D -- C:\Users\Yassin\AppData\Roaming\ViperSettingsFolder
O43 - CFD: 2014/05/14 11:18:46 - [] SHD -- C:\Users\Yassin\AppData\Roaming\ViperUpdate AU
O43 - CFD: 2015/07/08 18:07:18 - [] D -- C:\Users\Yassin\AppData\Local\Mozilla
O43 - CFD: 2015/05/29 17:10:00 - [] D -- C:\Users\Yassin\AppData\Local\OpenERP S.A
O43 - CFD: 2015/04/23 22:00:13 - [] D -- C:\Users\Yassin\AppData\Local\Rockstar Games
O43 - CFD: 2014/07/18 00:00:04 - [] D -- C:\Users\Yassin\AppData\Local\Sniper3
O43 - CFD: 2014/07/15 02:18:27 - [] D -- C:\Users\Yassin\AppData\Local\The Witcher 2
O43 - CFD: 2015/09/01 04:03:57 - [] D -- C:\Users\Yassin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
O58 - SDL:2013/08/22 12:43:31 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150368] ©
O58 - SDL:2013/08/22 12:43:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [168288] ©
O87 - FAEL: "TCP Query User{3B00ACC7-51FD-4E73-9B2D-D58D2DDBEA57}C:\program files (x86)\skype\phone\skype.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\skype\phone\skype.exe (.not file.)
[MD5.E3991000CCB56570294236D11A3C19BE] - (.VMware, Inc. - VMware NAT Service.) -- C:\WINDOWS\SysWOW64\vmnat.exe [436304] [PID.1512] ©
[MD5.8285080A268210D8CE9BA96B210E2013] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe [357456] [PID.1376] ©
P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll ©
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.)
F2 - REG:system.ini: VMApplet=C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe ©
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ©
O4 - HKUS\S-1-5-21-3785648691-151480824-1680477625-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe ©
O23 - Service: Arp Intelligent Protection Service (AIPS) . (...) - C:\Program Files (x86)\netcut\services\AIPS.exe (.not file.)
O23 - Service: VMware DHCP Service (VMnetDHCP) . (...) - C:\WINDOWS\System32\vmnetdhcp.exe (.not file.)
O23 - Service: VMware NAT Service (VMware NAT Service) . (...) - C:\WINDOWS\System32\vmnat.exe (.not file.)
O23 - Service: @C:\Program Files (x86)\Windows Defender\MpAsDesc.dll,-310 (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (.not file.)
O42 - Logiciel: HP LaserJet 1020 Series - (...) [HKLM][64Bits] -- HP LaserJet 1020 Series
HKLM\SOFTWARE\Wow6432Node\AppDataLow
HKLM\SOFTWARE\Wow6432Node\Arcai
HKLM\SOFTWARE\Wow6432Node\BenVista
HKLM\SOFTWARE\Wow6432Node\Disc Soft
HKLM\SOFTWARE\Wow6432Node\Electronic Arts
HKLM\SOFTWARE\Wow6432Node\Freemake
HKLM\SOFTWARE\Wow6432Node\GNU
HKLM\SOFTWARE\Wow6432Node\GOG.com
HKLM\SOFTWARE\Wow6432Node\Google
HKLM\SOFTWARE\Wow6432Node\Intel
HKLM\SOFTWARE\Wow6432Node\Internet Download Manager
HKLM\SOFTWARE\Wow6432Node\JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos
HKLM\SOFTWARE\Wow6432Node\Macromedia
HKLM\SOFTWARE\Wow6432Node\Macrovision
HKLM\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)
HKLM\SOFTWARE\Wow6432Node\MC2
HKLM\SOFTWARE\Wow6432Node\Mozilla
HKLM\SOFTWARE\Wow6432Node\mozilla.org
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\MVL
HKLM\SOFTWARE\Wow6432Node\ODBC
HKLM\SOFTWARE\Wow6432Node\Panda Security
HKLM\SOFTWARE\Wow6432Node\Panda Software
HKLM\SOFTWARE\Wow6432Node\PostgreSQL
HKLM\SOFTWARE\Wow6432Node\PostgreSQL Global Development Group
HKLM\SOFTWARE\Wow6432Node\PowerPivot
HKLM\SOFTWARE\Wow6432Node\Rebellion
HKLM\SOFTWARE\Wow6432Node\Skype
HKLM\SOFTWARE\Wow6432Node\TechSmith
HKLM\SOFTWARE\Wow6432Node\ThinPrint
HKLM\SOFTWARE\Wow6432Node\VMware, Inc.
HKLM\SOFTWARE\Wow6432Node\Wise Solutions
HKLM\SOFTWARE\Wow6432Node\Wow6432Node
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications
HKCU\SOFTWARE\BenVista
HKCU\SOFTWARE\Bitdefender
HKCU\SOFTWARE\BitTorrent
HKCU\SOFTWARE\Mozilla
HKCU\SOFTWARE\MozillaPlugins
HKCU\SOFTWARE\Wow6432Node
O43 - CFD: 2014/07/12 23:55:02 - [] D -- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2014/06/17 16:13:52 - [] D -- C:\ProgramData\Internet Mobile
O43 - CFD: 2014/02/12 17:16:24 - [] D -- C:\ProgramData\Internet Mobile+
O43 - CFD: 2014/05/30 18:29:08 - [] D -- C:\ProgramData\RogueKiller
O43 - CFD: 2014/07/01 17:05:17 - [] D -- C:\ProgramData\Ubisoft
O43 - CFD: 2015/07/08 18:07:27 - [] D -- C:\Users\Yassin\AppData\Roaming\Mozilla
O43 - CFD: 2015/03/24 00:50:39 - [] D -- C:\Users\Yassin\AppData\Roaming\Process Hacker 2
O43 - CFD: 2014/05/30 17:03:39 - [] D -- C:\Users\Yassin\AppData\Roaming\QuickScan
O43 - CFD: 2014/05/14 11:18:45 - [] D -- C:\Users\Yassin\AppData\Roaming\ViperSettingsFolder
O43 - CFD: 2014/05/14 11:18:46 - [] SHD -- C:\Users\Yassin\AppData\Roaming\ViperUpdate AU
O43 - CFD: 2015/07/08 18:07:18 - [] D -- C:\Users\Yassin\AppData\Local\Mozilla
O43 - CFD: 2015/05/29 17:10:00 - [] D -- C:\Users\Yassin\AppData\Local\OpenERP S.A
O43 - CFD: 2015/04/23 22:00:13 - [] D -- C:\Users\Yassin\AppData\Local\Rockstar Games
O43 - CFD: 2014/07/18 00:00:04 - [] D -- C:\Users\Yassin\AppData\Local\Sniper3
O43 - CFD: 2014/07/15 02:18:27 - [] D -- C:\Users\Yassin\AppData\Local\The Witcher 2
O43 - CFD: 2015/09/01 04:03:57 - [] D -- C:\Users\Yassin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
O58 - SDL:2013/08/22 12:43:31 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [150368] ©
O58 - SDL:2013/08/22 12:43:32 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [168288] ©
O87 - FAEL: "TCP Query User{3B00ACC7-51FD-4E73-9B2D-D58D2DDBEA57}C:\program files (x86)\skype\phone\skype.exe" [In-None-P6-TRUE] .(...) -- C:\program files (x86)\skype\phone\skype.exe (.not file.)