- ~ ZHPDiag report v2015.6.4.54 - Nicolas Coolman (31/05/2015)
- ~ Launched by Rehan (14/06/2015 17:51:42)
- ~ Facebook : https://www.facebook.com/nicolascoolman1
- ~ Forum address: http://forum.nicolascoolman.fr
- ~ Translated by Nicolas Coolman
- ~ Version status: up to date.
- ~ Whitelist: enabled by the program
- ~ Privilege elevation: OK
- ~ User Account Control (UAC): disabled (as reported by the program)
- ---\\ Internet browsers
- MSIE: Internet Explorer v11.0.9600.17801
- MFIE: Mozilla Firefox 38.0.5 (Default)
- ---\\ Windows product information
- ~ Language: French
- Windows Server License Manager Script : OK
- Software Protection Service : KO (not functioning; compare the KMSPico folder reported under O43 below)
- Windows Automatic Updates : OK
- Windows Activation Technologies : OK
- Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
- ---\\ System protection software
- Bitdefender Total Security 2015 v18.22.0.1521
- Windows Defender W7 (disabled)
- ---\\ System optimisation software
- CCleaner v5.01
- ---\\ Peer-to-peer file-sharing software
- qBittorrent 3.1.12 v3.1.12 =>P2P.BitTorrent
- ---\\ Monitored software
- Adobe Flash Player 17 NPAPI
- Adobe Reader XI
- ---\\ System information
- ~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
- ~ Operating System: 64 Bits
- Boot mode: Normal (Normal boot)
- Total RAM: 6007 MB (48% free)
- System Restore: Enabled
- System drive C: has 303 GB (33%) free of 918 GB
- ---\\ System logon mode
- ~ Computer Name: REHAN-MASTER
- ~ User Name: Rehan
- ~ All Users Names: UpdatusUser, Rehan, HomeGroupUser$, Administrateur,
- ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
- Logged in as Administrator
- ---\\ Environment variables
- ~ System Unit : C:\
- ~ %AppZHP% : C:\Users\Rehan\AppData\Roaming\ZHP\
- ~ %AppData% : C:\Users\Rehan\AppData\Roaming\
- ~ %Desktop% : C:\Users\Rehan\Desktop\
- ~ %Favorites% : C:\Users\Rehan\Favorites\
- ~ %LocalAppData% : C:\Users\Rehan\AppData\Local\
- ~ %StartMenu% : C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\
- ~ %Windir% : C:\Windows\
- ~ %System% : C:\Windows\System32\
- ---\\ Disk drive enumeration
- C: Hard drive, Flash drive, Thumb drive (Free 303 GB of 918 GB)
- D: Hard drive, Flash drive, Thumb drive (Free 2 GB of 14 GB)
- E: Hard drive, Flash drive, Thumb drive (Free 79 GB of 932 GB)
- F: CD-ROM drive (Not Inserted)
- I: Floppy drive, Flash card reader, USB Key (Not Inserted)
- J: Floppy drive, Flash card reader, USB Key (Not Inserted)
- L: Floppy drive, Flash card reader, USB Key (Not Inserted)
- M: Floppy drive, Flash card reader, USB Key (Not Inserted)
- ---\\ Windows Security Center status
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
- ~ Security Center: 49 Legitimates Filtered in 00mn 00s
- ---\\ Search for specific generic files
- [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
- [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
- [MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
- [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
- [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
- [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
- [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
- [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
- [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
- [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
- [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
- [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
- [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
- [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
- [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
- [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
- [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
- [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
- [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
- [MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
- [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
- ~ Generic Processes: Scanned in 00mn 00s
- ---\\ Hidden files status (Hidden/Total)
- ~ My Pictures: 2/65
- ~ My Music: 1/1219
- ~ My Videos: 2/19
- ~ My Favorites: 1/5
- ~ My Documents: 3/42192
- ~ My Desktop: 9/1129
- ~ Start Menu (Programs): 1/90
- ~ Hidden Files: Scanned in 00mn 07s
- ---\\ Running processes
- [MD5.F575A5AC8F4D2BE570CB095B3DD87B1A] - (.NVIDIA Corporation - NVIDIA Update COM object.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe [1213216] [PID.4024]
- [MD5.F4A755E3A99F4F2324FC2138D30F01B4] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600] [PID.4212]
- [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2000]
- [MD5.44A9229022A519ED45294A1934C05EEC] - (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224] [PID.4456]
- [MD5.34084D25BE6F48D072AA54DE630438FD] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.5256]
- [MD5.E217E93D3056019E540C79F9218166C8] - (.No owner - CmEye MFC Application.) -- C:\Windows\system\Cm106eye.exe [221184] [PID.5352]
- [MD5.3B1CB9F8458B5920B935219F80003613] - (.Bitdefender - Wallet Apps Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe [281048] [PID.5480]
- [MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.2752]
- [MD5.2AA1614EE07205B6E508358CEC3DC39F] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Users\Rehan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe [9266120] [PID.3512]
- [MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.6684]
- [MD5.9B660F85D4B9FE235DBD45A39CC76F8A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [270960] [PID.6808]
- [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.4260]
- [MD5.0887B293199AA2055888FABA989ED0A6] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413472] [PID.980]
- [MD5.FECA9F830A5C6BAB9978E6781A26AE2B] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816] [PID.1540]
- [MD5.5B33709F7FE59BB625F113EED86AFC5C] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672] [PID.2064]
- [MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2176]
- [MD5.FA4A45C179AB0E0F1A31B9751D4B18D7] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2976]
- [MD5.E38775922D4A4C05B5D96733AB4CE169] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.3060]
- [MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.3228]
- [MD5.12B7C7668E6441529E087D1D0E1E032A] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768] [PID.3264]
- [MD5.831883B107684301F48ACE752C963984] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [66872] [PID.3344]
- [MD5.E1E13735B6D2FE4FFEAEB91989B9C46F] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176] [PID.3584]
- [MD5.4BA3BFF03B1A10E49B590BE3C4D79C10] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 12.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152] [PID.6576]
- [MD5.F13EC8A783E0CB0D6DC26A3CA848B7B8] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224] [PID.5728]
- [MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4852]
- [MD5.02C298382359653BEC4C737C2AB7F9C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.6992]
- ~ Processes Running: Scanned in 00mn 00s
- ---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
- M2 - MFEP: Extension [Rehan - ne8iq2dt.default] client@anonymox.net.xpi
- M2 - MFEP: Extension [Rehan - ne8iq2dt.default] firefox@corobizar.com.xpi
- M2 - MFEP: Extension [Rehan - ne8iq2dt.default] info@djzig.com
- M2 - MFEP: Extension [Rehan - ne8iq2dt.default] jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi
- M2 - MFEP: Extension [Rehan - ne8iq2dt.default] {77d2ed30-4cd2-11e0-b8af-0800200c9a66}
- P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
- P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
- ~ Firefox Browser: 35 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
- R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
- ~ IE Browser: 13 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Proxy Management (R5)
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 117.165.40.75:8123
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
- ~ Proxy management: Scanned in 00mn 00s
- ---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
- F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
- F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
- F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Hosts file redirection (O1)
- ~ The hosts file is clean (21)
- ~ Hosts File: Scanned in 00mn 00s
- ---\\ Browser Helper Objects (O2)
- O2 - BHO: Adblock Plus for IE Browser Helper Object [64Bits] - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
- ~ BHO: 18 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer Toolbars (O3)
- O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} orphan key
- O3 - Toolbar: Bitdefender Wallet - [HKLM]{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} . (.Bitdefender - Bitdefender Password Manager Internet Explo.) -- C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
- O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} orphan key
- O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} orphan key
- O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} orphan key
- ~ Toolbar: Scanned in 00mn 00s
- ---\\ Applications launched at system startup (O4)
- O4 - HKLM\..\Run: [Cm106Sound] . (.C-Media Corporation - CmiCnfg DLL.) -- C:\Windows\Syswow64\cm106.dll
- O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] . (.Primax Electronics Ltd. - Mouse Suite 98 Daemon.) -- C:\Windows\System32\ICO.exe
- O4 - HKLM\..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
- O4 - HKCU\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe
- O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
- O4 - HKCU\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
- O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
- O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
- O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
- O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe
- O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
- O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
- O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
- ~ Application: Scanned in 00mn 00s
- ---\\ Buttons on the main Internet Explorer toolbar (O9)
- O9 - Extra button: &Send to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
- O9 - Extra button: Click to Call Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
- O9 - Extra button: OneNote &Linked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
- O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
- ~ IE Extra Buttons: Scanned in 00mn 00s
- ---\\ Sites in the Internet Explorer Trusted Zone (O15)
- O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
- O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
- O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
- O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
- O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
- ~ IE Trusted Zone: Scanned in 00mn 00s
- ---\\ Domain/DNS address modification (O17)
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
- O17 - HKLM\System\CCS\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
- O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
- O17 - HKLM\System\CS1\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
- O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
- O17 - HKLM\System\CS2\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
- O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
- O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
- ~ Domain: Scanned in 00mn 00s
- ---\\ Additional protocols (O18)
- O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
- O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
- ~ Additional protocols: Scanned in 00mn 00s
- ---\\ Non-Microsoft, non-disabled NT services (O23)
- O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) . (...) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (.not file.)
- ~ Services: 24 Legitimates Filtered in 00mn 09s
- ---\\ Automatic scheduled tasks (O39)
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4111806079-4223490122-3399138093-1000Core [906]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4111806079-4223490122-3399138093-1000UA [928]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\HP Photo Creations Messager [256]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForRehan [332]
- ~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s
- ---\\ Installed software (O42)
- O42 - Software: BLOCKADE 3D - (.Shumkov Dmitriy.) [HKLM][64Bits] -- Steam App 302830
- O42 - Software: C&C:Online - (.Revora.) [HKLM][64Bits] -- {1298F091-2180-4779-BDA0-1176247252D0}
- O42 - Software: C9 - (.WEBZEN.) [HKLM][64Bits] -- C9(Continent of the Ninth Seal)_is1
- O42 - Software: Evolve - (.Turtle Rock Studios.) [HKLM][64Bits] -- Steam App 273350
- O42 - Software: KnightShift - (...) [HKLM][64Bits] -- Steam App 254060
- O42 - Software: My Lockbox 2.8 - (...) [HKLM][64Bits] -- My Lockbox_is1
- O42 - Software: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
- O42 - Software: SpeedRunners - (.DoubleDutch Games.) [HKLM][64Bits] -- Steam App 207140
- O42 - Software: The Escapists - (.Mouldy Toof Studios.) [HKLM][64Bits] -- Steam App 298630
- O42 - Software: Ultimatest Battle - (.UNKNOWN.) [HKLM][64Bits] -- com.edioromeh.ub
- O42 - Software: Ultimatest Battle - (.UNKNOWN.) [HKLM][64Bits] -- {9C063B05-1B97-C00A-E1D0-CF7DB113A391}
- O42 - Software: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
- O42 - Software: Video Enhancer 1.9.2 - (.Dee Mon.) [HKLM][64Bits] -- Video Enhancer_is1
- ~ Software: 62 Legitimates Filtered in 00mn 02s
- ---\\ HKCU & HKLM Software Keys
- [HKCU\Software\ARAR]
- [HKCU\Software\Boneloaf]
- [HKCU\Software\CFS-Technologies]
- [HKCU\Software\Clock Tower Interactive ]
- [HKCU\Software\CoGenMedia]
- [HKCU\Software\Dee Mon]
- [HKCU\Software\Drivers]
- [HKCU\Software\El Conjugador]
- [HKCU\Software\ElConjugador]
- [HKCU\Software\Freejam]
- [HKCU\Software\Mojang]
- [HKCU\Software\NLDT]
- [HKCU\Software\Pando Networks]
- [HKCU\Software\Revora]
- [HKCU\Software\SanDan]
- [HKCU\Software\Smartly Dressed Games]
- [HKCU\Software\SmashGames]
- [HKCU\Software\System32]
- [HKCU\Software\VIVACITY.be]
- [HKCU\Software\VoiceAttack.com]
- [HKCU\Software\Win]
- [HKCU\Software\bsa commander]
- [HKCU\Software\eu.jalada]
- [HKCU\Software\fif]
- [HKCU\Software\iLLectronic]
- [HKCU\Software\spookie]
- [HKLM\Software\Spyshelter]
- [HKLM\Software\VB-Audio]
- [HKLM\Software\Wow6432Node\ARTDINK]
- [HKLM\Software\Wow6432Node\BoL]
- [HKLM\Software\Wow6432Node\DicterRu]
- [HKLM\Software\Wow6432Node\El Conjugador]
- [HKLM\Software\Wow6432Node\Mojang]
- [HKLM\Software\Wow6432Node\One Voice Technologies]
- [HKLM\Software\Wow6432Node\Pando Networks]
- [HKLM\Software\Wow6432Node\Revora]
- [HKLM\Software\Wow6432Node\SJBBB]
- [HKLM\Software\ree7]
- ~ Key Software: 933 Legitimates Filtered in 00mn 02s
- ---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
- O43 - CFD: 22/07/2013 - 10:51:26 - [0] ----D C:\Program Files (x86)\Agven
- O43 - CFD: 01/02/2015 - 19:50:25 - [] ----D C:\Program Files (x86)\AppInsights
- O43 - CFD: 25/11/2013 - 02:33:32 - [] ----D C:\Program Files (x86)\AV Voice Changer 8.0 Diamond
- O43 - CFD: 19/02/2014 - 20:57:06 - [] ----D C:\Program Files (x86)\craigworks
- O43 - CFD: 09/05/2015 - 13:48:35 - [] ----D C:\Program Files (x86)\KMSPico 10.0.6 =>PUA.KMSpico
- O43 - CFD: 28/06/2011 - 13:53:15 - [] ----D C:\Program Files (x86)\Music Mixer
- O43 - CFD: 07/03/2014 - 13:19:49 - [] ----D C:\Program Files (x86)\ree7
- O43 - CFD: 17/01/2015 - 11:55:41 - [] ----D C:\Program Files (x86)\Revora
- O43 - CFD: 28/07/2014 - 18:09:26 - [] ----D C:\Program Files (x86)\Sanny Builder 3
- O43 - CFD: 14/06/2015 - 17:16:28 - [] ----D C:\Program Files (x86)\SCANIA Truck Driving Simulator
- O43 - CFD: 13/06/2012 - 18:56:56 - [] ----D C:\Program Files (x86)\SelinguaColumns
- O43 - CFD: 29/07/2014 - 19:57:52 - [] ----D C:\Program Files (x86)\Suce mon boul biatch
- O43 - CFD: 14/06/2015 - 17:16:31 - [] ----D C:\Program Files (x86)\UB
- O43 - CFD: 14/06/2015 - 17:16:31 - [] ----D C:\Program Files (x86)\Video Enhancer
- O43 - CFD: 27/02/2013 - 19:30:18 - [] ----D C:\Program Files (x86)\WorkHorse Games
- O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\ProgramData\El Conjugador
- O43 - CFD: 18/05/2014 - 18:18:01 - [] ----D C:\ProgramData\FaceLift
- O43 - CFD: 27/04/2014 - 12:53:41 - [] ----D C:\ProgramData\SurfEasy VPN
- O43 - CFD: 27/04/2014 - 12:54:10 - [] ----D C:\ProgramData\SurfEasyService
- O43 - CFD: 22/06/2011 - 18:29:57 - [0] --H-D C:\ProgramData\{0ACE0403-C75D-488C-A403-7A57E9848B62}
- O43 - CFD: 23/04/2014 - 23:41:40 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9
- O43 - CFD: 13/01/2011 - 02:50:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
- O43 - CFD: 24/12/2014 - 16:23:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magicite
- O43 - CFD: 01/02/2011 - 17:33:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manuel de l’utilisateur
- O43 - CFD: 05/10/2012 - 19:09:56 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sayz Me
- O43 - CFD: 28/07/2012 - 15:49:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCANIA Truck Driving Simulator
- O43 - CFD: 14/07/2009 - 09:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
- O43 - CFD: 28/04/2012 - 12:22:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboGo
- O43 - CFD: 02/07/2013 - 13:11:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Enhancer
- O43 - CFD: 21/06/2014 - 12:59:15 - [] ----D C:\Users\Rehan\AppData\Roaming\11bitstudios
- O43 - CFD: 20/12/2013 - 22:12:28 - [] ----D C:\Users\Rehan\AppData\Roaming\bosonx
- O43 - CFD: 19/05/2012 - 13:00:08 - [] ----D C:\Users\Rehan\AppData\Roaming\CNC_Generals_World
- O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\Users\Rehan\AppData\Roaming\El Conjugador
- O43 - CFD: 10/01/2014 - 19:30:28 - [] ----D C:\Users\Rehan\AppData\Roaming\GetThemAll Receiver
- O43 - CFD: 07/03/2014 - 00:04:59 - [] ----D C:\Users\Rehan\AppData\Roaming\IPChangeEasy
- O43 - CFD: 14/06/2015 - 17:14:43 - [] ----D C:\Users\Rehan\AppData\Roaming\iterate_GmbH
- O43 - CFD: 29/03/2014 - 17:27:22 - [] ----D C:\Users\Rehan\AppData\Roaming\libraries
- O43 - CFD: 14/06/2015 - 17:14:43 - [] ----D C:\Users\Rehan\AppData\Roaming\LSBC5E9490
- O43 - CFD: 19/06/2013 - 15:45:18 - [] ----D C:\Users\Rehan\AppData\Roaming\Magic Set Editor
- O43 - CFD: 02/06/2012 - 13:19:13 - [] ----D C:\Users\Rehan\AppData\Roaming\ScripterRon
- O43 - CFD: 18/02/2014 - 20:47:54 - [] ----D C:\Users\Rehan\AppData\Roaming\steamvr
- O43 - CFD: 29/03/2014 - 17:27:16 - [] ----D C:\Users\Rehan\AppData\Roaming\versions
- O43 - CFD: 25/10/2014 - 14:14:10 - [] ----D C:\Users\Rehan\AppData\Roaming\VoiceAttack
- O43 - CFD: 23/11/2014 - 20:34:19 - [] ----D C:\Users\Rehan\AppData\Local\Ahri.tw
- O43 - CFD: 19/05/2012 - 12:59:56 - [] ----D C:\Users\Rehan\AppData\Local\CNC_Generals_World
- O43 - CFD: 27/04/2014 - 12:54:45 - [] ----D C:\Users\Rehan\AppData\Local\com.surfeasy.se0200
- O43 - CFD: 01/05/2014 - 12:58:37 - [] ----D C:\Users\Rehan\AppData\Local\Disc_Soft_Ltd
- O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\Users\Rehan\AppData\Local\El Conjugador
- O43 - CFD: 19/12/2014 - 19:02:15 - [] -SH-D C:\Users\Rehan\AppData\Local\EmieBrowserModeList
- O43 - CFD: 02/06/2012 - 12:44:01 - [] ----D C:\Users\Rehan\AppData\Local\jalada Just Translate
- O43 - CFD: 25/12/2014 - 12:53:47 - [] ----D C:\Users\Rehan\AppData\Local\mslugx
- O43 - CFD: 19/04/2015 - 13:11:04 - [] ----D C:\Users\Rehan\AppData\Local\openvr
- O43 - CFD: 13/07/2014 - 15:45:23 - [] ----D C:\Users\Rehan\AppData\Local\PickOut
- O43 - CFD: 18/06/2013 - 17:11:49 - [] ----D C:\Users\Rehan\AppData\Local\Video Enhancer
- O43 - CFD: 21/10/2014 - 22:17:16 - [] ----D C:\Users\Rehan\AppData\Local\VoiceAttack.com
- O43 - CFD: 19/05/2012 - 12:55:37 - [] ----D C:\Users\Rehan\AppData\Local\Xp3rt RepSaver
- O43 - CFD: 27/01/2014 - 22:03:56 - [] ----D C:\Users\Rehan\AppData\Local\_
- O43 - CFD: 02/07/2013 - 19:08:24 - [] ----D C:\Users\Rehan\AppData\Local\_
- O43 - CFD: 29/10/2013 - 11:45:06 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD4-MW SP PeZBOT 009a
- O43 - CFD: 19/04/2015 - 13:13:19 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Screen Capture Video
- O43 - CFD: 11/10/2014 - 11:29:33 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mu-Intensity
- O43 - CFD: 04/02/2013 - 21:12:20 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox
- O43 - CFD: 05/02/2015 - 19:11:43 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\omfg.gg
- O43 - CFD: 09/11/2013 - 17:13:32 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Omnimo UI
- O43 - CFD: 13/06/2012 - 18:55:48 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Selingua Columns
- O43 - CFD: 14/09/2013 - 14:54:17 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic
- O43 - CFD: 28/04/2012 - 12:22:30 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboGo
- O43 - CFD: 26/12/2014 - 17:46:43 - [] --H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder
- ~ Program Folder: 742 Legitimates Filtered in 00mn 02s
- ---\\ Most recently modified or created files under Windows and System32 (O44)
- O44 - LFC:[MD5.19DA0BF5CB17E9B54D799736552E7CE8] - 14/06/2015 - 15:54:25 ---A- . (...) -- C:\bdlog.txt [393851]
- O44 - LFC:[MD5.F444966F3DF00292B7CF43F52D2BEA0B] - 14/06/2015 - 16:27:14 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
- O44 - LFC:[MD5.F444966F3DF00292B7CF43F52D2BEA0B] - 14/06/2015 - 16:27:14 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
- ~ Files: 12 Legitimates Filtered in 00mn 01s
- ---\\ Image File Execution Options (IFEO) (O50)
- O50 - IFEO:Image File Execution Options - CNC3.exe - (no data)
- O50 - IFEO:Image File Execution Options - generals.exe - (no data)
- O50 - IFEO:Image File Execution Options - RA3.exe - (no data)
- ~ IFEO: Scanned in 00mn 00s
- ---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
- O51 - MPSK:{444e8b8a-366f-11e2-8a00-6c626d9710e4}\AutoRun\command. (...) -- K:\OblivionLauncher.exe (.not file.)
- O51 - MPSK:{44f4d876-93d6-11e3-abe5-6c626d9710e4}\AutoRun\command. (...) -- G:\SETUP.exe (.not file.)
- O51 - MPSK:{871a43a7-e68f-11e0-bd30-6c626d9710e4}\AutoRun\command. (...) -- L:\setup_vmc_lite.exe (.not file.)
- O51 - MPSK:{871a43bf-e68f-11e0-bd30-6c626d9710e4}\AutoRun\command. (...) -- L:\setup_vmc_lite.exe (.not file.)
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
- O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
- O52 - TDSD: \Drivers32\"vidc.xtor"="DxtoryCodec.dll" . (.ExKode Co. Ltd. - Dxtory DirectShow and VFW Decoder.) -- C:\Windows\System32\DxtoryCodec.dll
- ~ TDSD: 8 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
- O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
- ~ SMSR Keys: 42 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
- O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
- ~ MWPS: 20 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
- O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
- ~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s
- ---\\ Liste des pilotes du système (SDL) (O58)
- O58 - SDL:02/06/2013 - 04:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31920]
- O58 - SDL:28/06/2013 - 14:32:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
- O58 - SDL:28/06/2013 - 14:33:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
- O58 - SDL:28/06/2013 - 14:33:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
- O58 - SDL:01/10/2009 - 11:04:54 ---A- . (.C-Media Electronics Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\CM10664.sys [1307648]
- O58 - SDL:14/07/2011 - 13:26:26 ---A- . (.C-Media Inc. - C-Media USB Audio Class Driver.) -- C:\Windows\System32\Drivers\CMUAC.SYS [111104]
- O58 - SDL:02/03/2010 - 00:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cpqdfw.sys [24376]
- O58 - SDL:02/03/2010 - 00:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
- O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
- O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
- O58 - SDL:31/01/2013 - 10:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
- O58 - SDL:28/07/2014 - 15:06:24 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [49264]
- O58 - SDL:11/10/2012 - 04:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [44928]
- O58 - SDL:24/12/2014 - 02:52:55 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
- O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - Mouse Suite Driver (For Windows 2000 and Whistler Only).) -- C:\Windows\System32\Drivers\PELMOUSE.SYS [26112]
- O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - PS/2 Mouse Filter Driver (For Windows 2000 Only).) -- C:\Windows\System32\Drivers\PELPS2M.SYS [27648]
- O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - USB Mouse Low Filter Driver(Win2000 only).) -- C:\Windows\System32\Drivers\PELUSBlf.SYS [23040]
- O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
- O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
- O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
- O58 - SDL:17/12/2013 - 22:14:20 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
- O58 - SDL:16/10/2013 - 21:51:52 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tapse01.sys [39608]
- O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
- O58 - SDL:11/07/2013 - 07:57:16 ---A- . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) -- C:\Windows\System32\Drivers\vbaudio_cable64_win7.sys [41192]
- O58 - SDL:24/06/2012 - 12:25:15 ---A- . (...) -- C:\Windows\SysWOW64\drivers\nocashio.sys [4096]
- ~ Drivers: 113 Legitimates Filtered in 00mn 00s
- ---\\ Liste des outils de désinfection (LATC) (O63)
- O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
- ~ ADS: Scanned in 00mn 00s
- ---\\ Liste les services legacy du registre (LALS) (O64)
- O64 - Services: CurCS - 15/10/2014 - C:\Windows\System32\DRIVERS\trufos.sys (trufos) .(.BitDefender S.R.L. - Trufos Kernel Module.) - LEGACY_TRUFOS
- ~ Legacy: 111 Legitimates Filtered in 00mn 00s
- ---\\ Menu de démarrage Internet (SMI) (O68)
- O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
- O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche particulière à la racine du système (SPRF) (O84)
- [MD5.87FE36C0EE708252BA57BEB14492B3FA] [SPRF][19/04/2015] (...) -- C:\ProgramData\1429445386.bdinstall.bin [870170]
- [MD5.D07AC207DF65E77BC4B22EEE05DACB67] [SPRF][25/04/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
- [MD5.D56605A4F5CE2DBEBA1540304827B394] [SPRF][14/06/2015] (.Pas de propriétaire - AdwCleaner.) -- C:\Users\Rehan\Desktop\adwcleaner_4.206.exe [2231296]
- ~ Files: 6 Legitimates Filtered in 00mn 00s
- ---\\ Recherche de clés de registre CLSID (O101)
- [HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider
- ~ BCK: 5333 Legitimates Filtered in 00mn 10s
- ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
- SS - | Demand 17/05/2012 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
- SS - | Demand 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
- SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- SS - | Auto 22/07/1658 0 | (AdvancedSystemCareService6) . (...) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
- SS - | Demand 09/12/2014 78144 | (BdDesktopParental) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
- SS - | Demand 24/07/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
- SS - | Demand 24/11/2014 2216208 | (Disc Soft Bus Service) . (.Disc Soft Ltd.) - C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
- SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
- SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
- SS - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
- SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
- SS - | Demand 02/06/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
- SS - | Demand 29/10/2014 37176 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
- SS - | Demand 03/06/2015 1997168 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
- SS - | Demand 04/05/2015 999152 | (OverwolfUpdater) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
- SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
- SS - | Auto 18/05/2014 24576 | (SetupARService) . (.Realtek Semiconductor..) - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
- SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
- SS - | Demand 11/06/2015 837312 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
- SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
- SS - | Demand 17/01/2015 762320 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
- SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SR - | Auto 03/09/2013 181152 | (AdobeActiveFileMonitor12.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
- SR - | Auto 22/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
- SR - | Auto 30/03/2015 2490216 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
- SR - | Auto 12/01/2015 9216 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
- SR - | Auto 28/09/2010 107576 | (HP Power Assistant Service) . (...) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
- SR - | Auto 21/06/2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
- SR - | Auto 06/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
- SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
- SR - | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
- SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
- SR - | Auto 30/03/2015 417552 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
- SR - | Auto 01/10/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
- SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
- SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
- SR - | Auto 12/05/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
- SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
- SR - | Auto 28/09/2010 1119768 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
- SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
- SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
- SR - | Auto 08/07/2013 94624 | (SafeBox) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
- SR - | Auto 12/05/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- SR - | Auto 17/02/2015 5436176 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- SR - | Auto 01/10/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
- SR - | Auto 27/10/2014 67320 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
- SR - | Auto 16/03/2015 1547936 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
- SR - | Auto 04/06/2009 337144 | (WindowBlinds) . (.Stardock Corporation.) - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
- SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
- SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- ~ Services: Scanned in 00mn 10s
- ---\\ Liste des émulateurs de CD/DVD (MBR Hook)
- O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
- ~ Emulateurs: Scanned in 00mn 10s
- ---\\ Scan Additionnel (O88)
- Database Version : 13008 - (31/05/2015)
- Clés trouvées (Keys found) : 0
- Valeurs trouvées (Values found) : 0
- Dossiers trouvés (Folders found) : 1
- Fichiers trouvés (Files found) : 1
- C:\Program Files (x86)\KMSPico 10.0.6 =>PUA.KMSpico^
- [HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider^
- ~ Additionnel Scan: 1213555 Items scanned in 00mn 38s
- ---\\ Informations complémentaires sur les modules
- ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
- ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
- ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
- ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
- ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
- ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
- ~ AMI: 6 Legitimates Filtered in 00mn 00s
- ---\\ Récapitulatif des détections trouvées sur votre station
- http://nicolascoolman.fr/pup-kmspico =>PUA.KMSpico
- http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
- ~ MSI: 2 link(s) detected in 00mn 00s
- ~ 1814 Legitimates filtered by white list
- End of the scan (647 lines in 01mn 30s)(0.6)