Rapport de ZHPDiag v2013.3.29.112 par Nicolas Coolman, Update du 29/03/2013 Run by Pierre at 25/04/2016 08:30:15 State : Problème connexion internet High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v11.212.10586.0 MFIE: Mozilla Firefox 45.0.2 v45.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 8 Home Premium Edition, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : 8HVX7 Windows License : OK ~ Windows Remaining Initializations Number : 1001 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4076 MB (43% free) System Restore: Activé (Enable) System drive C: has 773 GB (84%) free of 918 GB ---\\ Logged in mode ~ Computer Name: PIERRE-HP ~ User Name: Pierre ~ All Users Names: Pierre, HomeGroupUser$, DefaultAccount, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Pierre\AppData\Roaming\ ~ %Desktop% : C:\Users\Pierre\Desktop\ ~ %Favorites% : C:\Users\Pierre\hpremote\Favorites\ ~ %LocalAppData% : C:\Users\Pierre\AppData\Local\ ~ %StartMenu% : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 773 Go of 918 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go) E:\ CD-ROM drive (Not Inserted) G:\ Floppy drive, Flash card reader, USB Key (Not Inserted) Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Security Center & Tools Informations 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.95D730526EF81792CD6848D8D10FAA1C] - (.Microsoft Corporation - Explorateur Windows.) (.19/04/2016 - 22:48:54.) -- C:\Windows\Explorer.exe [4502352] [MD5.CAD491DD9EC00BB841EA407D9C498C4A] - (.Microsoft Corporation - Application de démarrage de Windows.) (.30/10/2015 - 08:17:53.) -- C:\Windows\System32\Wininit.exe [290856] [MD5.AE6A68A065D4C26AF4BEFAA53623B266] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/04/2016 - 22:48:48.) -- C:\Windows\System32\wininet.dll [2755584] [MD5.7B24B823404D53DA4748F21AD2BF04C9] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.19/04/2016 - 22:48:48.) -- C:\Windows\System32\Winlogon.exe [584704] [MD5.9EEAA1B69DC3FD620AE576CC8F4147DC] - (.Microsoft Corporation - Bibliothèque de licences.) (.30/10/2015 - 08:17:52.) -- C:\Windows\System32\sppcomapi.dll [430592] [MD5.70148EFA9A562E7185B75BBE7D376BF7] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.19/04/2016 - 22:49:01.) -- C:\Windows\system32\Drivers\AFD.sys [578912] [MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.30/10/2015 - 08:17:23.) 
-- C:\Windows\system32\Drivers\atapi.sys [28512] [MD5.7F9C7226D743B232907ED2537B8A574F] - (.Microsoft Corporation - CD-ROM File System Driver.) (.30/10/2015 - 08:18:09.) -- C:\Windows\system32\Drivers\Cdfs.sys [92672] [MD5.82D97776BF982AA143BDC7DFB5054EA8] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.30/10/2015 - 08:17:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [173568] [MD5.935823F79CBEDB91637B63D37E3A5A36] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/04/2016 - 22:48:56.) -- C:\Windows\system32\Drivers\DfsC.sys [148480] [MD5.84BC034B6BB763733C1949B7B9BAF976] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.30/10/2015 - 08:17:18.) -- C:\Windows\system32\Drivers\HDAudBus.sys [79872] [MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - (.Microsoft Corporation - Pilote de port i8042.) (.30/10/2015 - 08:17:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [114688] [MD5.9E5E8F2A1996F23B7E9687846AA81B01] - (.Microsoft Corporation - IP Network Address Translator.) (.30/10/2015 - 08:17:43.) -- C:\Windows\system32\Drivers\IpNat.sys [143360] [MD5.0B3B0C1D86050355676640488FA897D3] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.19/04/2016 - 22:48:56.) -- C:\Windows\system32\Drivers\MRxSmb.sys [430944] [MD5.F51C02D992A8D6BC5EC4D990F227D4C7] - (.Microsoft Corporation - MBT Transport driver.) (.30/10/2015 - 08:18:08.) -- C:\Windows\system32\Drivers\netBT.sys [279552] [MD5.19BD8A88AAC580592668B070AC0727D9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/04/2016 - 22:49:01.) -- C:\Windows\system32\Drivers\ntfs.sys [2152280] [MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - (.Microsoft Corporation - Pilote de port parallèle.) (.30/10/2015 - 08:17:23.) -- C:\Windows\system32\Drivers\Parport.sys [96768] [MD5.E3C82823B22463BC38AA4F8ADA852624] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/04/2016 - 22:48:54.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [104960] [MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/10/2015 - 20:02:52.) -- C:\Windows\system32\Drivers\rdpdr.sys [173056] [MD5.91D3F2A6253EF83EFBD7903028F58C4D] - (.Microsoft Corporation - TDI Translation Driver.) (.19/04/2016 - 22:49:08.) -- C:\Windows\system32\Drivers\tdx.sys [118624] [MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.30/10/2015 - 08:17:22.) -- C:\Windows\system32\Drivers\volsnap.sys [414560] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 4/14200 ~ Mes musiques (My Musics) : 4/75 ~ Mes Videos (My Videos) : 2/250 ~ Mes Favoris (My Favorites) : 1/9 ~ Mes Documents (My Documents) : 3/788 ~ Mon Bureau (My Desktop) : 1/1181 ~ Menu demarrer (Programs) : 1/39 ~ Hidden Files: Scanned in 00mn 19s ---\\ Processus lancés [MD5.455E1076802F2BE732AC2C066359A9F6] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe [653128] [PID.496] [MD5.81829A75BF31F54FB619EF8E19840ED6] - (.RaMMicHaeL - Unchecky Background Process.) -- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [569784] [PID.4332] [MD5.EE73B56ED71EB6383F25FA5468923BB2] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144] [PID.4244] [MD5.488EEBAF1862551C7C9CF127A5AAB2A9] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe [142664] [PID.4012] [MD5.91DD4AD85BB341CC8CF5187EA06FD171] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Pierre\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382144] [PID.5372] [MD5.CF8BC90EFB85B870CBC967E3117FCB50] - (.Pas de propriétaire - WlanCU MFC Application.) 
-- C:\Program Files\TRENDnet\TEW-649UB\WlanCU.exe [581632] [PID.5216] [MD5.9C52D679C44539A7BB6694CA0166D84C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608] [PID.5680] [MD5.C9B67BCB8E384064A8C2263740B0C437] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480] [PID.4260] [MD5.0F94A01B4306FC4877C2BDA2C536B843] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [491464] [PID.468] [MD5.C3EF139378171D8BB852BEB6E759B7F1] - (...) -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe [144384] [PID.2052] [MD5.D068DA81E1AB27DC330AF91BFFD36E6B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [392136] [PID.7040] [MD5.B17404D208C4B20518592AA43B81E04B] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [927256] [PID.8232] [MD5.F3069D7809F3C39CDF0EB982C6C45D95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6223360] [PID.6252] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) M1 - SPR:Search Page Redirection - C:\Program Files (x86)\Mozilla FireFox\extensions\adblocker@avast.com.xpi M0 - MFSP: prefs.js [Pierre - u0t86kig.default-1461127257242] http://www.lepoint.fr P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll P2 - FPN: [HKLM] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products (Canada) Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) 
-- C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.41212.0.) -- c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.2.2] - (.VideoLAN - VLC media player Web Plugin.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll P2 - FPN: [HKCU] [@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products (Canada) Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll ~ Firefox Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) 
(11.00.10586.17 (th2_release.151121-2308)) -- C:\Windows\SysWOW64\ieframe.dll ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1)
~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 60 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll O2 - BHO: TSBHO Class [64Bits] - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} . (.HP - Website Log On.) -- C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Logitech SetPoint [64Bits] - {AF949550-9094-4807-95EC-D1C317803333} . (.Logitech, Inc. - Logitech SetPoint.) -- C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} . (.Hewlett-Packard - HP Network Check IE Plug-in.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll ~ BHO: Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe O4 - HKLM\..\Run: [EvtMgr6] . 
(.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Pierre\AppData\Local\Microsoft\OneDrive\OneDrive.exe O4 - HKCU\..\Run: [TrayStatus] . (.Binary Fortress Software - TrayStatus.) -- C:\Program Files (x86)\TrayStatus\TrayStatus.exe O4 - HKCU\..\Run: [EPSON Stylus DX7000F Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBKE.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe O4 - HKUS\S-1-5-21-2909650137-964930955-994819844-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe O4 - HKUS\S-1-5-21-2909650137-964930955-994819844-1000\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Pierre\AppData\Local\Microsoft\OneDrive\OneDrive.exe O4 - HKUS\S-1-5-21-2909650137-964930955-994819844-1000\..\Run: [TrayStatus] . (.Binary Fortress Software - TrayStatus.) -- C:\Program Files (x86)\TrayStatus\TrayStatus.exe O4 - HKUS\S-1-5-21-2909650137-964930955-994819844-1000\..\Run: [EPSON Stylus DX7000F Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) 
-- C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBKE.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop: Mahjong.lnk . (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\Program Files (x86)\Absolutist.com\Mahjong\Mahjongg.exe O4 - GS\Desktop: Acrylic Wi-Fi Home.lnk . (...) -- C:\Program Files (x86)\Acrylic Wi-Fi Free\Acrylic.exe (.not file.) O4 - GS\Desktop: AM-DeadLink.lnk . (.Aignesberger Software GmbH - AM-DeadLink.) -- C:\Program Files (x86)\AM-DeadLink\deadlink.exe O4 - GS\Desktop: CrystalDiskInfo.lnk . (.Crystal Dew World - CrystalDiskInfo.) -- C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe O4 - GS\Desktop: GodMode.lnk . (...) -- C:\Users\Pierre\Documents\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} O4 - Global Startup: C:\Documents And Settings\Pierre\Desktop\Open Outlook.url . (...) -- C:\Documents And Settings\Pierre\Desktop\Open Outlook.url O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe O4 - GS\Desktop: Scrabble3D.lnk . (...) -- C:\Users\Pierre\Downloads\Téléchargements\Scrabble3D-win32.msi O4 - GS\Desktop: Start Unlocker.lnk . (...) -- C:\Program Files (x86)\Unlocker\Unlocker.exe (.not file.) O4 - GS\Desktop: xmsol.lnk . (...) -- C:\Users\Pierre\Downloads\xmsol ~ Global Startup: Scanned in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 6 Legitimates Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.fr O15 - Trusted Zone: [HKLM\...\Domains] http.geoportail.fr ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5de92513-1d3c-4595-b92d-f31f77ff9af9}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{5de92513-1d3c-4595-b92d-f31f77ff9af9}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 21.0 r0.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation - Pas de description.) 
- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Network Service (NvNetworkService) . (.NVIDIA Corporation - NVIDIA Network Service.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) . (.NVIDIA Corporation - NVIDIA Streamer Service.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: Unchecky (Unchecky) . (.RaMMicHaeL - Unchecky Service.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe O23 - Service: WlanWpsSvc (WlanWpsSvc) . (.Pas de propriétaire - WlanSvc Application.) - C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe ~ Services: 20 Legitimates Scanned in 00mn 09s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1066] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1070] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\HPCeeScheduleForPierre.job [336] [MD5.4EAF6F8F0B3BE33A0E3877EB7FFD48D4] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656] [MD5.28FFB14117CCEDD7D2F124596AA9B785] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504] [MD5.4EAF6F8F0B3BE33A0E3877EB7FFD48D4] [APT] [Adobe Reader and Acrobat Manager] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656] [MD5.0BF84F46C0A4F32FEEDA179283ABAA5A] [APT] [avast! Emergency Update] (.AVAST Software.) 
-- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1517200] [MD5.EC7BF707FBE2C766A567E47515D7F746] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [6667992] [MD5.690FF806F9DF3F28270CE057D1170DD3] [APT] [GarminUpdaterTask] (...) -- C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [25512] [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] [MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForPierre] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704] [MD5.48482E663D68713C2181700517E0954E] [APT] [SafeZone scheduled Autoupdate 1458711666] (.Avast Software.) -- C:\Program Files\AVAST Software\SZBrowser\launcher.exe [735736] [MD5.DA17803791C335E35942584ACD0BDD4D] [APT] [ServicePlan] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [38456] [MD5.00000000000000000000000000000000] [APT] [SpyHunter4Startup] (...) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1918EEA5-9FEE-4686-8B09-FDAF879B3ED5}] (...) -- C:\Users\Pierre\Downloads\T‚l‚chargements\setpoint460.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{7B6AA11F-F2FB-43D4-BEA9-37594FB5E697}] (...) -- C:\Users\Pierre\Downloads\Clipbrd_add-1(2).exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B9D56CA4-B7DA-4D4A-B171-E2ABC8AEA0C7}] (...) -- C:\Users\Pierre\Downloads\Clipbrd_add-1(1).exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D07C5829-FB59-447E-AF55-A465AFB98473}] (...) -- C:\Users\Pierre\Downloads\Clipbrd_add-1.exe (.not file.) 
[0] [MD5.00000000000000000000000000000000] [APT] [Start BoostSpeed ?n Pierre logon] (...) -- C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe (.not file.) [0] [MD5.0AE2C218A9AB6C16D79160CCE55B35FC] [APT] [HP Support Assistant Quick Start] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [525728] [MD5.C18285E7876AC106D0D2DB687E5EFFC3] [APT] [HP Support Solutions Framework Report] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [88120] [MD5.0AE2C218A9AB6C16D79160CCE55B35FC] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [525728] [MD5.25B3907F2577FD6B363BFBACB5A74B68] [APT] [Update Check] (.Hewlett-Packard.) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [617536] [MD5.AA45EE18D9C6B31310A194F3D7173ABD] [APT] [WarrantyChecker_DeviceScan] (.HP Inc..) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1051200] ~ Scheduled Task: Scanned in 00mn 02s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 9 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys O41 - Driver: (aswKbd) . (.AVAST Software - avast! Keyboard Filter Driver.) - C:\Windows\system32\drivers\aswKbd.sys O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys O41 - Driver: C:\Windows\System32\drivers\filecrypt.sys (FileCrypt) . (.Microsoft Corporation - Windows sandboxing and encryption filter.) 
- C:\Windows\System32\drivers\filecrypt.sys O41 - Driver: C:\Windows\System32\drivers\gpuenergydrv.sys (GpuEnergyDrv) . (.Microsoft Corporation - GPU Energy Kernel Driver.) - C:\Windows\System32\drivers\gpuenergydrv.sys O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\Windows\system32\drivers\HWiNFO64A.sys O41 - Driver: (RDPDISPM) . (.Microsoft Corporation - rdpdispm.SYS.) - C:\Windows\system32\DRIVERS\rdpdispm.sys O41 - Driver: oem64.inf (UimBus) . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) - C:\Windows\system32\drivers\uimx64.sys ~ Drivers: 54 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: AM-DeadLink 4.6 - (.www.aignes.com.) [HKLM][64Bits] -- aignesamdeadlink_is1 O42 - Logiciel: ANT Drivers Installer x64 - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {D47EDA73-1251-4020-93E5-A7AF8B7D3FB5} O42 - Logiciel: Acrylic Wi-Fi Home v3.0 - (.Tarlogic Security S.L..) [HKCU][64Bits] -- {3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1 O42 - Logiciel: Adobe Flash Player 21 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player NPAPI O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824166751} O42 - Logiciel: Avast Antivirus Gratuit - (.AVAST Software.) [HKLM][64Bits] -- avast O42 - Logiciel: Comptabilité Personnelle - (.Emjysoft.) [HKLM][64Bits] -- {2369DC9E-11A7-4BAE-A43E-7A4CB477574F}_is1 O42 - Logiciel: Digital Photo Navigator 1.5 - (...) [HKLM][64Bits] -- {CF9CD37C-E29A-11D5-AE3D-005004B8E30C} O42 - Logiciel: Disk SpeedUp 5.0.1.59 - (.Glarysoft Ltd.) [HKLM][64Bits] -- Disk SpeedUp O42 - Logiciel: DriversCloud.com (64 bits) - (.Cybelsoft.) [HKLM][64Bits] -- {A7964621-50FB-4581-80FC-091FE4A605CE} O42 - Logiciel: Elevated Installer - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {519CFDE8-7A41-4A5F-8A13-D3897EDAC23E} O42 - Logiciel: Everio MediaBrowser HD Edition - (.PIXELA.) 
[HKLM][64Bits] -- {548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD} O42 - Logiciel: Java 8 Update 77 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218077F0} O42 - Logiciel: Mahjong 1.1 - (.Absolutist Ltd..) [HKLM][64Bits] -- Mahjong_is1 O42 - Logiciel: SafeZone Stable 1.48.2066.98 - (.Avast Software.) [HKLM][64Bits] -- SafeZone 1.48.2066.98 O42 - Logiciel: TrayStatus 2.0.1 - (.Binary Fortress Software.) [HKLM][64Bits] -- d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1 O42 - Logiciel: Unknown File Handler - (.File.org.) [HKLM][64Bits] -- UFH_is1 O42 - Logiciel: VirtualGeo³ pour le Géoportail - (.Diginext.) [HKLM][64Bits] -- VGeo3 GP O42 - Logiciel: Windows Phone app for desktop - (.Microsoft Corporation.) [HKLM][64Bits] -- {639E54EE-95CA-4CAE-9779-6BA32D5EAF48} O42 - Logiciel: YoWindow - (.RepkaSoft.) [HKLM][64Bits] -- yowindow ~ Logic: 139 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Binary Fortress Software] [HKCU\Software\Bitberry Software] [HKCU\Software\Clarus] [HKCU\Software\Flamebrain] [HKCU\Software\PIXELA] [HKCU\Software\Petr Lastovicka] [HKCU\Software\Roscoteck] [HKCU\Software\Software] [HKCU\Software\THe UDS] [HKCU\Software\Unknown File Handler] [HKCU\Software\repkasoft] [HKLM\Software\Partner] [HKLM\Software\Wow6432Node\Diginext] [HKLM\Software\Wow6432Node\PIXELA] [HKLM\Software\Wow6432Node\Software] [HKLM\Software\Wow6432Node\TGUID] [HKLM\Software\Wow6432Node\THe UDS] [HKLM\Software\Wow6432Node\repkasoft] ~ Key Software: 242 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 29/01/2013 - 17:02:26 - [2,287] ----D C:\Program Files (x86)\Absolutist.com O43 - CFD: 15/02/2013 - 20:14:54 - [2,391] ----D C:\Program Files (x86)\AM-DeadLink O43 - CFD: 07/10/2013 - 08:23:23 - [8,267] ----D C:\Program Files (x86)\Digital Photo Navigator 1.5 O43 - CFD: 18/02/2013 - 23:43:19 - [326,739] ----D C:\Program Files (x86)\Everio MediaBrowser HD Edition O43 - CFD: 
15/10/2011 - 02:21:36 - [8,780] ----D C:\Program Files (x86)\Fingerprint Sensor O43 - CFD: 06/01/2016 - 20:29:16 - [0,060] ----D C:\Program Files (x86)\MAKEMSI Package Documentation O43 - CFD: 07/10/2013 - 08:24:03 - [67,749] ----D C:\Program Files (x86)\PIXELA O43 - CFD: 13/12/2015 - 11:01:24 - [10,393] ----D C:\Program Files (x86)\Repertoire O43 - CFD: 18/04/2015 - 06:23:15 - [0] ----D C:\Program Files (x86)\Simple Logiciel O43 - CFD: 19/12/2015 - 08:13:31 - [0] ----D C:\Program Files (x86)\TheHive O43 - CFD: 20/04/2016 - 08:17:24 - [3,851] ----D C:\Program Files (x86)\TrayStatus O43 - CFD: 28/01/2013 - 19:28:41 - [0,004] ----D C:\Program Files (x86)\TRENDnet O43 - CFD: 27/01/2016 - 12:34:44 - [1,293] ----D C:\Program Files (x86)\Unknown File Handler O43 - CFD: 11/06/2015 - 12:15:37 - [123,056] ----D C:\Program Files (x86)\VirtualGeo3-GP O43 - CFD: 02/03/2016 - 23:15:28 - [7,536] ----D C:\Program Files (x86)\Windows Phone O43 - CFD: 30/10/2015 - 09:24:24 - [2,561] -S--D C:\Program Files (x86)\WindowsPowerShell O43 - CFD: 06/03/2016 - 10:36:01 - [3,645] ----D C:\Program Files (x86)\YoWindow O43 - CFD: 03/12/2015 - 19:35:13 - [1,446] ----D C:\Program Files (x86)\Common Files\AV O43 - CFD: 22/05/2014 - 17:38:31 - [5,090] ----D C:\Program Files (x86)\Common Files\STDUtility O43 - CFD: 02/03/2016 - 23:14:22 - [3,508] ----D C:\ProgramData\Applications O43 - CFD: 30/10/2015 - 09:24:24 - [0] ----D C:\ProgramData\Comms O43 - CFD: 17/12/2015 - 20:14:32 - [1,523] ----D C:\ProgramData\DriversCloud.com O43 - CFD: 05/11/2015 - 19:24:35 - [62,308] ----D C:\ProgramData\Package Cache O43 - CFD: 07/10/2013 - 08:30:41 - [2,820] ----D C:\ProgramData\PIXELA O43 - CFD: 17/07/2013 - 11:24:48 - [0] ----D C:\ProgramData\Software O43 - CFD: 30/10/2015 - 09:24:24 - [0] ----D C:\ProgramData\SoftwareDistribution O43 - CFD: 25/04/2016 - 06:58:45 - [195,891] ----D C:\ProgramData\truesuite O43 - CFD: 19/04/2016 - 23:22:47 - [0,002] ----D C:\ProgramData\USOPrivate O43 - CFD: 19/04/2016 - 
23:22:47 - [0,242] ----D C:\ProgramData\USOShared O43 - CFD: 06/03/2016 - 10:36:02 - [13,393] ----D C:\ProgramData\YoWindow O43 - CFD: 17/12/2015 - 20:08:47 - [0,008] ----D C:\Users\Pierre\AppData\Roaming\Acrylic Wi-Fi Free O43 - CFD: 17/12/2015 - 20:11:24 - [2,363] ----D C:\Users\Pierre\AppData\Roaming\Acrylic Wi-Fi Home O43 - CFD: 25/06/2014 - 15:51:41 - [0,034] ----D C:\Users\Pierre\AppData\Roaming\DiskDefrag O43 - CFD: 12/10/2013 - 07:52:29 - [0,003] ----D C:\Users\Pierre\AppData\Roaming\EfficientPIM Free O43 - CFD: 18/12/2014 - 13:50:48 - [0,000] ----D C:\Users\Pierre\AppData\Roaming\Eusing O43 - CFD: 18/03/2016 - 08:19:56 - [0,015] ----D C:\Users\Pierre\AppData\Roaming\Flamebrain Technologies Inc O43 - CFD: 17/04/2015 - 06:46:37 - [0,001] ----D C:\Users\Pierre\AppData\Roaming\Simple Logiciel O43 - CFD: 06/03/2016 - 21:23:32 - [0,020] ----D C:\Users\Pierre\AppData\Roaming\YoWindow O43 - CFD: 20/04/2016 - 02:09:56 - [0] ----D C:\Users\Pierre\AppData\Local\ActiveSync O43 - CFD: 15/04/2015 - 21:54:59 - [29,851] ----D C:\Users\Pierre\AppData\Local\Atraci O43 - CFD: 26/10/2015 - 08:46:56 - [0] ----D C:\Users\Pierre\AppData\Local\CEF O43 - CFD: 20/04/2016 - 06:29:50 - [18,008] ----D C:\Users\Pierre\AppData\Local\Comms O43 - CFD: 11/06/2015 - 12:15:42 - [0,001] ----D C:\Users\Pierre\AppData\Local\DIGINEXT O43 - CFD: 21/07/2015 - 21:16:56 - [0] -SH-D C:\Users\Pierre\AppData\Local\EmieBrowserModeList O43 - CFD: 21/07/2015 - 21:16:56 - [0] -SH-D C:\Users\Pierre\AppData\Local\EmieSiteList O43 - CFD: 21/07/2015 - 21:16:56 - [0] -SH-D C:\Users\Pierre\AppData\Local\EmieUserList O43 - CFD: 01/06/2015 - 06:41:46 - [0,000] ----D C:\Users\Pierre\AppData\Local\GWX O43 - CFD: 24/03/2015 - 20:58:56 - [0] -SH-D C:\Users\Pierre\AppData\Local\icsxml O43 - CFD: 24/03/2015 - 17:56:41 - [2,619] ----D C:\Users\Pierre\AppData\Local\MetaGeek,_LLC O43 - CFD: 24/03/2015 - 17:56:27 - [0] -SH-D C:\Users\Pierre\AppData\Local\ms-drivers O43 - CFD: 03/04/2014 - 15:30:07 - [4,763] ----D 
C:\Users\Pierre\AppData\Local\node-webkit O43 - CFD: 20/04/2016 - 02:09:24 - [0] ----D C:\Users\Pierre\AppData\Local\Publishers O43 - CFD: 13/04/2015 - 07:34:21 - [0] ----D C:\Users\Pierre\AppData\Local\TheHive O43 - CFD: 20/04/2016 - 02:07:55 - [12,133] ----D C:\Users\Pierre\AppData\Local\TileDataLayer O43 - CFD: 20/04/2016 - 08:17:32 - [0] ----D C:\Users\Pierre\AppData\Local\TrayStatus O43 - CFD: 15/04/2015 - 21:51:38 - [0] ----D C:\Users\Pierre\AppData\Local\Vivaldi O43 - CFD: 19/04/2016 - 23:14:12 - [0,001] ----D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home ~ 35 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 315 Legitimates Scanned in 01mn 01s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 23/04/2016 - 06:22:05 RSHAD . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0] O44 - LFC:[MD5.5B16BA491B268BF8D97D580687FF6E4E] - 22/04/2016 - 08:05:55 RSHAD . (.Seiko Epson Corporation - EPSON USB Device Driver for TM/BA/EU Printe.) -- C:\Windows\System32\Drivers\TMUSB64.sys [63096] O44 - LFC:[MD5.2DDEA2BEDD3169F483C9BE610ADFE8B1] - 19/04/2016 - 22:48:48 ---A- . (.Microsoft Corp. - Microsoft PlayReady Client Framework Dll.) -- C:\Windows\SysNative\Windows.Media.Protection.PlayReady.dll [8705672] O44 - LFC:[MD5.2DDEA2BEDD3169F483C9BE610ADFE8B1] - 19/04/2016 - 22:48:48 ---A- . (.Microsoft Corp. - Microsoft PlayReady Client Framework Dll.) -- C:\Windows\System32\Windows.Media.Protection.PlayReady.dll [8705672] O44 - LFC:[MD5.703F15FBAEA94F88FD5E12EFA94A0F7E] - 19/04/2016 - 22:48:43 ---A- . (...) -- C:\Windows\SysNative\CoreUIComponents.dll [2656952] O44 - LFC:[MD5.AB416599057FFDC84E28BBB6DA69EADC] - 19/04/2016 - 22:48:43 ---A- . (...) -- C:\Windows\SysNative\MTF.dll [235008] O44 - LFC:[MD5.72534830694CCABA9A5CBA33F9771C63] - 19/04/2016 - 22:48:43 ---A- . (...) 
-- C:\Windows\SysNative\MTFServer.dll [260608] O44 - LFC:[MD5.703F15FBAEA94F88FD5E12EFA94A0F7E] - 19/04/2016 - 22:48:43 ---A- . (...) -- C:\Windows\System32\CoreUIComponents.dll [2656952] O44 - LFC:[MD5.AB416599057FFDC84E28BBB6DA69EADC] - 19/04/2016 - 22:48:43 ---A- . (...) -- C:\Windows\System32\MTF.dll [235008] O44 - LFC:[MD5.79BD0E63A9E54ED8AFFD19F43B5B83F2] - 19/04/2016 - 22:48:43 ---A- . (.Nokia - master branch.) -- C:\Windows\SysNative\NmaDirect.dll [264192] O44 - LFC:[MD5.79BD0E63A9E54ED8AFFD19F43B5B83F2] - 19/04/2016 - 22:48:43 ---A- . (.Nokia - master branch.) -- C:\Windows\System32\NmaDirect.dll [264192] O44 - LFC:[MD5.72534830694CCABA9A5CBA33F9771C63] - 19/04/2016 - 22:48:43 RSHAD . (...) -- C:\Windows\System32\MTFServer.dll [260608] O44 - LFC:[MD5.E0640DE5407EEE4C6E16D839243B71F9] - 19/04/2016 - 22:35:11 ---A- . (...) -- C:\Windows\SysNative\msmqtrc.mof [9096] O44 - LFC:[MD5.E0640DE5407EEE4C6E16D839243B71F9] - 19/04/2016 - 22:35:11 ---A- . (...) -- C:\Windows\System32\msmqtrc.mof [9096] O44 - LFC:[MD5.05F708862208039E46E5387AF1F66FFA] - 19/04/2016 - 22:21:45 ---A- . (...) -- C:\Windows\diagerr.xml [10449] O44 - LFC:[MD5.692CA5EBC9E0CEF0A8D0BE4DF7400CEE] - 19/04/2016 - 22:21:45 ---A- . (...) -- C:\Windows\diagwrn.xml [9528] O44 - LFC:[MD5.D5DC1AB57C27E2E43D5CBA581879093E] - 19/04/2016 - 22:21:03 ---A- . (...) -- C:\Windows\SysNative\emptyregdb.dat [23108] O44 - LFC:[MD5.D5DC1AB57C27E2E43D5CBA581879093E] - 19/04/2016 - 22:21:03 RSHAD . (...) -- C:\Windows\System32\emptyregdb.dat [23108] O44 - LFC:[MD5.A6A4A216334E5016136EA16160963C3B] - 19/04/2016 - 22:01:55 ---A- . (...) -- C:\Windows\SysNative\lvcoinst.log [4661] O44 - LFC:[MD5.A6A4A216334E5016136EA16160963C3B] - 19/04/2016 - 22:01:55 RSHAD . (...) -- C:\Windows\System32\lvcoinst.log [4661] O44 - LFC:[MD5.64AEB5790901EA8854884981F104CAA6] - 19/04/2016 - 22:01:55 RSHAD . (.Logitech, Inc. - Logitech Non-Plug and Play Driver..) 
-- C:\Windows\System32\Drivers\LNonPnP.sys [18960] O44 - LFC:[MD5.38CE00D22F97F40FCD9FFCC6674D4109] - 19/04/2016 - 21:56:56 ---A- . (...) -- C:\Windows\SysNative\NetSetupMig.log [27068] O44 - LFC:[MD5.38CE00D22F97F40FCD9FFCC6674D4109] - 19/04/2016 - 21:56:56 RSHAD . (...) -- C:\Windows\System32\NetSetupMig.log [27068] O44 - LFC:[MD5.BFE0A734E3548010B55C4FFF5F9B7D69] - 19/04/2016 - 21:23:52 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24608] O44 - LFC:[MD5.BFE0A734E3548010B55C4FFF5F9B7D69] - 19/04/2016 - 21:23:52 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24608] O44 - LFC:[MD5.BFE0A734E3548010B55C4FFF5F9B7D69] - 19/04/2016 - 21:23:52 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24608] O44 - LFC:[MD5.BFE0A734E3548010B55C4FFF5F9B7D69] - 19/04/2016 - 21:23:52 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24608] O44 - LFC:[MD5.66D791B1196A16A8113155C7CE729DD9] - 16/04/2016 - 09:51:14 ---A- . (...) -- C:\Windows\SysNative\cc_20160416_105110.reg [6420] O44 - LFC:[MD5.66D791B1196A16A8113155C7CE729DD9] - 16/04/2016 - 09:51:14 RSHAD . (...) -- C:\Windows\System32\cc_20160416_105110.reg [6420] O44 - LFC:[MD5.D312415896845D7DE180AAC217C9217B] - 03/08/2015 - 11:04:42 ---A- . (...) -- C:\Windows\SysNative\nvcoproc.bin [5133709] O44 - LFC:[MD5.D312415896845D7DE180AAC217C9217B] - 03/08/2015 - 11:04:42 RSHAD . (...) -- C:\Windows\System32\nvcoproc.bin [5133709] ~ Files: 1161 Legitimates Scanned in 01mn 00s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Security Packages . (...) -- C:\Windows\System32\livessp.dll ~ LSA: 9 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Ahcache.sys . 
(.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iai2c.sys . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\Windows\System32\Drivers\iai2c.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Pilote du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Ahcache.sys . (.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Pilote du gestionnaire de volumes.) 
-- C:\Windows\System32\Drivers\volmgr.sys ~ CSB: 24 Legitimates Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 3 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "DSCAutomationHostEnabled"=2 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 O55 - MWPS:[HKLM\...\Policies\System] - "SoftwareSASGeneration"=1 ~ MWPS: 23 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "EnableShellExecuteHooks"=1 ~ Keys: Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2C5B3035B86770ADD2FE9BFBAF5B35A4] - 30/10/2015 - 08:17:22 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [107360] O58 - SDL:[MD5.6106653B08F4F72EEAA7F099E7C408A4] - 07/03/2013 - 09:49:18 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [17480] O58 - SDL:[MD5.F17F09BA097D8EC3CE2084FA97886B85] - 07/03/2013 - 09:49:20 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [13896] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) 
-- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) 
-- C:\Windows\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {CDDCA969-4F74-4460-8337-F8D6A04EF015} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) -- C:\Windows\System32\dcpsvc.dll [186880] O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [168960] O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Service Configuration du réseau.) -- C:\Windows\System32\NetSetupSvc.dll [207360] O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) -- C:\Windows\System32\RDXService.dll [1090048] O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Service de géolocalisation.) -- C:\Windows\System32\lfsvc.dll [27136] O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) 
-- C:\Windows\System32\dmwappushsvc.dll [57856] O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\Windows\System32\XboxNetApiSvc.dll [1035776] O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Mettre à jour la session Orchestrator Core.) -- C:\Windows\System32\usocore.dll [360960] O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\Windows\System32\XblGameSave.dll [1139712] O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - DLL Windows Management Service.) -- C:\Windows\System32\Windows.Internal.Management.dll [278016] O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\Windows\System32\usermgr.dll [912384] O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\Windows\System32\XblAuthManager.dll [948736] ~ Services: 41 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.4F73F2A8D25F8E11849FC93A72F11210] [SPRF][20/04/2016] (.Emjysoft - Comptabilité Personnelle.) -- C:\Users\Pierre\AppData\Local\Temp\Comptabilité Personnelle_installation.exe [17336984] [MD5.4B2AD120AB6091450D21C498DC7D1147] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.00D57B0F-01FA-B79F-08D6-878ED20C4C9B.1.Public.AppUpdate.dat [1928] [MD5.72B4E353D294A9B97ABF7C90072F00BB] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.0862A72D-A96C-83E5-AD0F-78B6AA06F9C6.1.Public.AppUpdate.dat [1890] [MD5.591CB4D37FEA1859CB344D1D4071D596] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.0C8CF327-9D17-CCDE-18AF-DFF4F20070E5.1.Public.AppUpdate.dat [1912] [MD5.781D054E264619A28312DCC5E8E9BE0A] [SPRF][20/04/2016] (...) 
-- C:\Users\Pierre\AppData\Local\Temp\sa.18DDC675-D472-0DB4-9563-7DF7C34F512C.1.Public.AppUpdate.dat [1898] [MD5.8574F4F650C119636EE9A5B56C43B38D] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.1A7994D6-5342-8581-71FB-A2BD1C895D93.1.Public.AppUpdate.dat [1896] [MD5.4E055B781FAE0BA9245A6048585E5FCE] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.1F63B8C3-2D48-9497-0A0A-2CBD462EDE76.1.Public.AppUpdate.dat [1888] [MD5.3B60621FB18D50658F8435D541DC26C6] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.1FE89C0B-9BED-CC5D-7426-9E4025D6BDD9.1.Public.AppUpdate.dat [1884] [MD5.F1303C4E14F1B18EBBB09F5A16ACAB63] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.32A48683-F264-932C-7870-B93BB448ED69.1.Public.AppUpdate.dat [1894] [MD5.235F49A576BC18E13F8FAFCED612B1AD] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.3BFD26C9-8DA9-B940-F638-55890012AAB4.1.Public.AppUpdate.dat [1898] [MD5.E8A844A9AEB2A9A28FD2E135C0A1468C] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.50611331-FE19-D366-B049-694B8AC9D758.1.Public.AppUpdate.dat [1892] [MD5.7D0AD919C88AB9BD450775848121AEB2] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.558F5D32-0827-EB7B-6AD6-D5DB4138B3AA.1.Public.AppUpdate.dat [1900] [MD5.F068D8E68FE5BEF36307FCF99BC11BDE] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.664AA17A-2D25-0823-3315-3708FE16147A.1.Public.AppUpdate.dat [1886] [MD5.C57B9F883B79A95F1E487F093E58B9FE] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.674C4C14-7BAA-F782-E214-956DC3BEDF39.1.Public.AppUpdate.dat [1890] [MD5.42724EE2D5EFBABF6849836EC837C082] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.68BC3251-2D8B-A604-92BA-893638CA72EA.1.Public.AppUpdate.dat [1906] [MD5.E9BBBB1C2D6DA5FA8566B9FE64A09DCA] [SPRF][20/04/2016] (...) 
-- C:\Users\Pierre\AppData\Local\Temp\sa.69F3BCAB-8975-C526-30F5-39FA70C77AD9.1.Public.AppUpdate.dat [1890] [MD5.4CDFB47000B9A62E80C1E7A2C776B597] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.6D151227-6BD9-726D-B30E-A8A018DCC82B.1.Public.AppUpdate.dat [1890] [MD5.2AD5353D1F1CF7B4CD59DB07CBE3DFF8] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.6EA6FC2E-9305-586B-3411-02826D151533.1.Public.AppUpdate.dat [1820] [MD5.86244D0C30262E6DAC9AA5FAD1B25711] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.8F700A8E-3731-B777-A6DD-000FE1F8FCB2.1.Public.AppUpdate.dat [1894] [MD5.D0839D5E16E5F3A7CA2F5F9FFF96F7D3] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.993325CD-9CA8-DD49-50C4-377C092AEF1B.1.Public.AppUpdate.dat [1892] [MD5.3BF7236EF7FFBF5879419031602DF446] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.9D4DED89-CABC-F4FB-8133-BC5EDB1C7EDA.1.Public.AppUpdate.dat [1896] [MD5.37760E95045688F164A8967E8269FB9B] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.9NBLGGH1ZRPV.0.Public.Full.dat [91080] [MD5.7D7DF7F73CEC06ED0FAE77ACB7CB7068] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.9WZDNCRFJ140.0.Public.Full.dat [135498] [MD5.32A7DEAA471D5C6EC77E3BCF441D0A8A] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.A8849751-10C4-3F5D-1F42-DA79DB2C7BE9.1.Public.AppUpdate.dat [1896] [MD5.CD1FF9251AF57BEDF392983CB66288E3] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.A90B8400-D36D-8235-8BF2-A21A53D3FB65.1.Public.AppUpdate.dat [1894] [MD5.ED23D72E196DAAA48FCE96B5C3AB48B8] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.AB7C46F6-66DE-8533-C6B1-FFE36BF92E97.1.Public.AppUpdate.dat [1892] [MD5.55E62D60A390A8D9DB4525ACDACA9546] [SPRF][20/04/2016] (...) 
-- C:\Users\Pierre\AppData\Local\Temp\sa.B1B6FBCA-CD11-CB52-6CA7-06B47EB7C197.1.Public.AppUpdate.dat [1906] [MD5.431141E107F1B2CE979E813905221360] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.E336BB8F-16ED-7CBE-AFEE-971DD3041585.1.Public.AppUpdate.dat [1798] [MD5.F76D322D57A5403632B23579A9E96E05] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.E6658C19-4221-2EBE-763A-F0493FBA2BB0.1.Public.AppUpdate.dat [1894] [MD5.A5A8D81660382A3759A80BB044F72669] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.E6D3B497-80AF-7F14-F9E6-9606EE369FC3.1.Public.AppUpdate.dat [1786] [MD5.233A2F8BF36031D44AB05466020246D9] [SPRF][20/04/2016] (...) -- C:\Users\Pierre\AppData\Local\Temp\sa.FACF9DDE-1FF1-B57D-4D1D-CE479FDD42AF.1.Public.AppUpdate.dat [1908] [MD5.2A2AB61481A50C0D304796A2CD969787] [SPRF][20/04/2016] (.Skype Technologies S.A. - Skype.) -- C:\Users\Pierre\AppData\Local\Temp\SkypeSetup.exe [43555968] [MD5.E3C00E96581881CA8819EE4873DD22E8] [SPRF][27/10/2014] (...) -- C:\Users\Pierre\AppData\Roaming\soundyg.dll [701] [MD5.EE66FEC5D7695D605C8C6CCBCD004B0A] [SPRF][21/01/2012] (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) 
-- C:\Program Files (x86)\Money2005-FR-QFE3.exe.exe [25342240] ~ Files: Scanned in 00mn 03s ---\\ Firewall Active Exception List (FirewallRules) (O87) ~ Firewall: 266 Legitimates Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11340 - (29/03/2013) Clés trouvées (Keys found) : 3 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing C:\ProgramData\Software =>Adware.Boxore ~ Additionnel: Scanned in 00mn 23s ---\\ Product Upgrade Codes (O90) O90 - PUC: "1264697ABF05185408CF90F14E6A50EC" . (.DriversCloud.com (64 bits).) -- C:\Windows\Installer\{A7964621-50FB-4581-80FC-091FE4A605CE}\maconfico O90 - PUC: "1E5B862CAD5AFD112A980005650C0080" . (.Paragon Backup & Recovery™ 2013 Free.) -- C:\Windows\Installer\{C268B5E1-A5DA-11DF-A289-005056C00008}\ARPPRODUCTICON.exe O90 - PUC: "4EA42A62D9304AC4784BF2381208770F" . (.Java 8 Update 77.) -- C:\Program Files (x86)\Java\jre1.8.0_77\\bin\javaws.exe O90 - PUC: "6472B7FF820948744B7ECCC86AC79FD8" . (.Scrabble3D.) -- C:\Windows\Installer\{FF7B2746-9028-4784-B4E7-CC8CA67CF98D}\MmDefaultProductIcon.3.1.4.ico.exe O90 - PUC: "8EDFC91514A7F5A4A8313D98E7AD2CE3" . (.Elevated Installer.) -- C:\Windows\Installer\{519CFDE8-7A41-4A5F-8A13-D3897EDAC23E}\express.ico O90 - PUC: "EE45E936AC59EAC47997B63AD2E5FA84" . (.Windows Phone app for desktop.) 
-- C:\Windows\Installer\{639E54EE-95CA-4CAE-9779-6BA32D5EAF48}\WindowsPhoneConnectorIcon ~ Update Products: 116 Legitimates Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) O92 - MNS: - {088e3905-0323-4b02-9826-5d99428e115f} O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE} O92 - MNS: - {24ad3ad4-a569-4530-98e1-ab02f9417aa8} O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B} O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} O92 - MNS: - {3dfdf296-dbec-4fb4-81d1-6a3438bcf4de} O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C} O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} O92 - MNS: - {d3162b92-9365-467a-956b-92703aca08af} O92 - MNS: - {f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a} ~ MNS: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 13/12/2015 82128 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Auto 15/04/2016 269504 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 23/04/2016 243296 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe SR - | Auto 30/12/1899 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe SR - | Auto 09/06/2011 264008 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe SS - | Demand 29/10/2015 777744 | (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe SR - | Auto 06/09/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 06/09/2015 144200 | (gupdatem) . 
(.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 19/05/2015 99128 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe SS - | Demand 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SR - | Auto 24/02/2011 212944 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe SS - | Demand 02/07/2015 356808 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe SS - | Auto 19/03/2016 146888 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 05/02/2014 1593632 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 05/02/2014 16941856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 07/08/2015 937592 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe SR - | Auto 01/08/2013 246488 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SS - | Auto 23/03/2016 327808 | (SkypeUpdate) . (.Skype Technologies.) 
- C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 04/03/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 20/03/2016 254904 | (Unchecky) . (.RaMMicHaeL.) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Demand 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Auto 167936 | (WlanWpsSvc) . (...) - C:\Program Files\TRENDnet\TEW-649UB\WlanWpsSvc.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SS - | Demand 30/10/2015 43944 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 02s End of the scan (777 lines in 03mn 39s)(0)