~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par UTILISATEUR (21/10/2017 09:02:59)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.18792
MFIE: Mozilla Firefox 56.0 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Bitdefender 60-Second Virus Scanner v1.0.3.76
Malwarebytes Anti-Malware version 2.2.1.1043
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.18

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 27 NPAPI

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1976 MB (32% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (44%) free of 117 GB

---\\ Mode de connexion au système
~ Computer Name: UTILISATEUR-PC
~ User Name: UTILISATEUR
~ All Users Names: UTILISATEUR, svzxxvnbe, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\UTILISATEUR\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\UTILISATEUR\AppData\Roaming\
~ %Desktop% : C:\Users\UTILISATEUR\Desktop\
~ %Favorites% : C:\Users\UTILISATEUR\Favorites\
~ %LocalAppData% : C:\Users\UTILISATEUR\AppData\Local\
~ %StartMenu% : C:\Users\UTILISATEUR\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 117 Go)
D: Hard drive, Flash drive, Thumb drive (Free 17 Go of 116 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - (.Microsoft Corporation - Explorateur Windows.) (.29/08/2016 - 14:55:07.) -- C:\Windows\Explorer.exe [2972672]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.1B1AE8AF0EADBDA58DF2658E68EA1BE5] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/08/2017 - 15:17:15.) -- C:\Windows\System32\wininet.dll [2767872]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 01:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F582FC7976F1248AC5FBD6875C626B41] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/04/2017 - 14:52:22.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 08:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.08/09/2016 - 14:49:56.) -- C:\Windows\system32\Drivers\DfsC.sys [81408]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 09:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.0D045D242E8E1095EDBF0832F1E2B0F4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/08/2017 - 05:56:17.) -- C:\Windows\system32\Drivers\MRxSmb.sys [124416]
[MD5.2E226E666C6E11DC8C850071A90BE2DC] - (.Microsoft Corporation - MBT Transport driver.) (.11/08/2017 - 05:55:55.) -- C:\Windows\system32\Drivers\netBT.sys [188928]
[MD5.28B64D3792D4F692E45ECB0C3F98C19B] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.09/06/2017 - 15:17:18.) -- C:\Windows\system32\Drivers\ntfs.sys [1213672]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 10:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.8F143F86FDD8CF4F7BD25973C5983F9D] - (.Microsoft Corporation - TDI Translation Driver.) (.29/07/2017 - 14:50:58.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/7782
~ Mes musiques (My Musics) : 83/132
~ Mes Videos (My Videos) : 1/28
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 13/130
~ Mon Bureau (My Desktop) : 69/1618
~ Menu demarrer (Programs) : 1/62
~ Hidden Files: Scanned in 00mn 09s

---\\ Processus lancés
[MD5.706A74BC6E176DD9D4C8584B41B99076] - (...) -- C:\Program Files\Winamp\winampa.exe [24576] [PID.1984]
[MD5.08E7173D1B74095335052459200CB1EA] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [421888] [PID.2016]
[MD5.6CCBE90D8EAE1A5A613B0777ED7E96EC] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [30208] [PID.248]
[MD5.F152A1C1F9CE2F13056D3BFB14F001CE] - (.Pas de propriétaire - AutoDect.) -- C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe [128864] [PID.308]
[MD5.FE7CE849DB8C3986B2E721C6A3184FAA] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800] [PID.360]
[MD5.FB0C8699B87F7140BB6201BE7B4B6778] - (.Pas de propriétaire - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe [827392] [PID.796]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1020]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172568] [PID.1108]
[MD5.AFD15F701B550037FFDDE6B18171479D] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816] [PID.1268]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.1236]
[MD5.84907971C76F93C3BF746EEED058DE8B] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [352648] [PID.1404]
[MD5.D60B612673B5C8AF060F4EB7204F62B5] - (.Pas de propriétaire - RealDownloader.) -- C:\Program Files\Real\RealDownloader\downloader2.exe [730864] [PID.1776]
[MD5.36175CB59779F47DB2D6E18F06D2F2CF] - (.Bitdefender - 60-Second Interface.) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [261984] [PID.1364]
[MD5.A7A1A43C0D9782E0E46C0D3F2E9DB4B2] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [28787840] [PID.2292]
[MD5.001B2CD2D45BC59575BA0F1A4A997682] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [76856] [PID.2316]
[MD5.4AA72293C27BA6CF8C5F8A76542919F2] - (.RealNetworks, Inc. - RealPlayer with RealTimes.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [7425296] [PID.2544]
[MD5.F308D7378BF60B91DA495FCAA1C216E7] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe [4811032] [PID.3120]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.3212]
[MD5.12A819FD070C26877A2C2D32EEF276F9] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [6852224] [PID.944]
[MD5.52FFABA4273678BAE75442F2BC85B470] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [531408] [PID.6080]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.2448]
[MD5.8737C6345141BB27430A836D359E23FF] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [136192] [PID.2324]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.0]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\UTILISATEUR\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (1)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealTimes Video Downloader.) -- C:\program files\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [WinampAgent] . (...) -- C:\Program Files\Winamp\Winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [autodetect] . (.Pas de propriétaire - AutoDect.) -- C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [snpstd3] . (.Pas de propriétaire - CameraMonitor Application.) -- C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [RealDownloader] . (.Pas de propriétaire - RealDownloader.) -- C:\Program Files\Real\RealDownloader\downloader2.exe
O4 - HKCU\..\Run: [Weather Widget (HTC Home)] . (.Pas de propriétaire - Weather widget for HTC Home 3.) -- C:\Program Files\HTC Home\Weather.exe
O4 - HKCU\..\Run: [pdiface] . (.Bitdefender - 60-Second Interface.) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Update Core.) -- C:\Users\UTILISATEUR\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [SysinfY2X] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [Weather Widget (HTC Home)] . (.Pas de propriétaire - Weather widget for HTC Home 3.) -- C:\Program Files\HTC Home\Weather.exe
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [pdiface] . (.Bitdefender - 60-Second Interface.) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [Google Update] . (.Google Inc. - Google Update Core.) -- C:\Users\UTILISATEUR\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKUS\S-1-5-21-572092862-3927737235-3867462957-1000\..\Run: [SysinfY2X] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{06869FB6-87B7-43CE-8FD8-4936E71817F3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{06869FB6-87B7-43CE-8FD8-4936E71817F3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{06869FB6-87B7-43CE-8FD8-4936E71817F3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IAM Imola Modem Device Helper (IAM Imola Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\program files\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 14 Legitimates Filtered in 00mn 04s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{003792EE-C879-4E0C-932E-84ED726B3135}] (...) -- C:\Users\UTILISATEUR\Downloads\ZHPDiag2(1).exe (.not file.) [0]
~ Scheduled Task: 36 Legitimates Filtered in 00mn 05s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Audio Explosion]
[HKCU\Software\PDF Tools AG]
[HKCU\Software\Popcorn Time]
[HKCU\Software\PopcornTime]
[HKLM\Software\Audio Explosion]
[HKLM\Software\PDF Tools AG]
~ Key Software: 227 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2015 - 22:00:40 - [] ----D C:\Program Files\Common Files\AV
O43 - CFD: 22/07/2015 - 22:48:00 - [] ----D C:\Users\UTILISATEUR\AppData\Local\CEF
O43 - CFD: 15/06/2015 - 20:24:33 - [0] -SH-D C:\Users\UTILISATEUR\AppData\Local\EmieBrowserModeList
O43 - CFD: 02/06/2015 - 05:17:59 - [] ----D C:\Users\UTILISATEUR\AppData\Local\GWX
~ Program Folder: 185 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.163CA4DA63087B98CB19FEF1CE0F10A0] - 20/10/2017 - 17:30:49 ---A- . (...) -- C:\Windows\System32\rsslogs.20171020172949 [391128]
O44 - LFC:[MD5.BF95C8045BD80A6C04F2F6E966EB55F8] - 21/10/2017 - 08:28:00 ---A- . (...) -- C:\Windows\System32\rsslogs.20171021082700 [35028]
~ Files: 13 Legitimates Filtered in 00mn 13s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:18/05/2009 - 16:32:58 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [381440]
O58 - SDL:14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:20/07/2007 - 18:50:08 ---A- . (.eMPIA Technology, Inc. - USB 27xx WDM Driver.) -- C:\Windows\System32\Drivers\etDevice.sys [471808]
O58 - SDL:14/06/2007 - 17:09:08 ---A- . (.eMPIA Technology Inc. - EM27xx / EM28xx Filter Driver.) -- C:\Windows\System32\Drivers\etFilter.sys [201216]
O58 - SDL:23/07/2007 - 21:55:24 ---A- . (.eMPIA Technology, Inc. - USB 27xx WDM Upper Filter.) -- C:\Windows\System32\Drivers\etScan.sys [6656]
O58 - SDL:18/08/2013 - 19:20:31 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:18/08/2013 - 19:20:32 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:09/10/2008 - 03:31:10 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [34856]
O58 - SDL:09/10/2008 - 03:32:46 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1810856]
O58 - SDL:14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:22/08/2013 - 12:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288]
O58 - SDL:16/10/2014 - 12:59:32 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [34808]
O58 - SDL:13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 123 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {969CACE4-CD96-457D-A1E8-8A453E9514E4} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.70461DA8B94C6CA5D2FDA3260C5A8C3B] [SPRF][01/04/2013] (...) -- C:\Users\UTILISATEUR\AppData\Roaming\A3EF.exe [162]
[MD5.DAB96BB8ADEB3BAC9896ADC1902F9F7D] [SPRF][01/04/2013] (...) -- C:\Users\UTILISATEUR\AppData\Roaming\EBA6.exe [285]
[MD5.70461DA8B94C6CA5D2FDA3260C5A8C3B] [SPRF][31/03/2013] (...) -- C:\Users\UTILISATEUR\AppData\Roaming\F6FC.exe [162]
~ Files: 4 Legitimates Filtered in 00mn 04s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/09/2017 272384 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/08/2013 655712 | (Internet Mobile. RunOuc) . (...) - C:\Program Files\Internet Mobile\UpdateDog\ouc.exe
SS - | Demand 06/10/2017 175568 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 23/10/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (Update service) . (...) - C:\Program Files\Popcorn Time\Updater.exe
SR - | Auto 19/07/2017 83032 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 03/12/2009 26112 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/12/2016 2241992 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 13/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 14/03/2012 53312 | (IAM Imola Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
SR - | Auto 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 11/11/2013 1221384 | (pdserv) . (.Bitdefender.) - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
SR - | Auto 11/11/2016 35104 | (RealPlayerUpdateSvc) . (...) - C:\program files\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
SR - | Auto 02/12/2016 987408 | (RealTimes Desktop Service) . (.RealNetworks, Inc..) - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 08/08/2005 167936 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s

---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additionnel Scan: 269212 Items scanned in 00mn 32s

---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 00s
~ 823 Legitimates filtered by white list

End of the scan (396 lines in 01mn 52s)(0)