Untitled
a guest
Jun 14th, 2015
~ ZHPDiag report v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Run by Rehan (14/06/2015 17:51:42)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status : up to date.
~ Whitelist : enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Deactivated by program

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.5 (Default)

---\\ Windows product information
~ Language: French
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
Bitdefender Total Security 2015 v18.22.0.1521
Windows Defender W7 (Deactivated)

---\\ System optimisation software
CCleaner v5.01

---\\ Peer-to-peer sharing software
qBittorrent 3.1.12 v3.1.12 =>P2P.BitTorrent

---\\ Software monitoring
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6007 MB (48% free)
System Restore: Enabled
System drive C: has 303 GB (33%) free of 918 GB

---\\ System logon mode
~ Computer Name: REHAN-MASTER
~ User Name: Rehan
~ All Users Names: UpdatusUser, Rehan, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rehan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rehan\AppData\Roaming\
~ %Desktop% : C:\Users\Rehan\Desktop\
~ %Favorites% : C:\Users\Rehan\Favorites\
~ %LocalAppData% : C:\Users\Rehan\AppData\Local\
~ %StartMenu% : C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 303 GB of 918 GB)
D: Hard drive, Flash drive, Thumb drive (Free 2 GB of 14 GB)
E: Hard drive, Flash drive, Thumb drive (Free 79 GB of 932 GB)
F: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)
M: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowNetConn: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2015 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/65
~ My Music : 1/1219
~ My Videos : 2/19
~ My Favorites : 1/5
~ My Documents : 3/42192
~ My Desktop : 9/1129
~ Start Menu (Programs) : 1/90
~ Hidden Files: Scanned in 00mn 07s

---\\ Running processes
[MD5.F575A5AC8F4D2BE570CB095B3DD87B1A] - (.NVIDIA Corporation - NVIDIA Update COM object.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe [1213216] [PID.4024]
[MD5.F4A755E3A99F4F2324FC2138D30F01B4] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600] [PID.4212]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2000]
[MD5.44A9229022A519ED45294A1934C05EEC] - (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224] [PID.4456]
[MD5.34084D25BE6F48D072AA54DE630438FD] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.5256]
[MD5.E217E93D3056019E540C79F9218166C8] - (.No owner - CmEye MFC Application.) -- C:\Windows\system\Cm106eye.exe [221184] [PID.5352]
[MD5.3B1CB9F8458B5920B935219F80003613] - (.Bitdefender - Wallet Apps Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\bdwtxapps.exe [281048] [PID.5480]
[MD5.923FE895B22B22A9CA03C72F3D15CE20] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.2752]
[MD5.2AA1614EE07205B6E508358CEC3DC39F] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Users\Rehan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe [9266120] [PID.3512]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.6684]
[MD5.9B660F85D4B9FE235DBD45A39CC76F8A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [270960] [PID.6808]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.4260]
[MD5.0887B293199AA2055888FABA989ED0A6] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413472] [PID.980]
[MD5.FECA9F830A5C6BAB9978E6781A26AE2B] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816] [PID.1540]
[MD5.5B33709F7FE59BB625F113EED86AFC5C] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672] [PID.2064]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2176]
[MD5.FA4A45C179AB0E0F1A31B9751D4B18D7] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2976]
[MD5.E38775922D4A4C05B5D96733AB4CE169] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.3060]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.3228]
[MD5.12B7C7668E6441529E087D1D0E1E032A] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768] [PID.3264]
[MD5.831883B107684301F48ACE752C963984] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [66872] [PID.3344]
[MD5.E1E13735B6D2FE4FFEAEB91989B9C46F] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176] [PID.3584]
[MD5.4BA3BFF03B1A10E49B590BE3C4D79C10] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 12.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152] [PID.6576]
[MD5.F13EC8A783E0CB0D6DC26A3CA848B7B8] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224] [PID.5728]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4852]
[MD5.02C298382359653BEC4C737C2AB7F9C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.6992]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [Rehan - ne8iq2dt.default] client@anonymox.net.xpi
M2 - MFEP: Extension [Rehan - ne8iq2dt.default] firefox@corobizar.com.xpi
M2 - MFEP: Extension [Rehan - ne8iq2dt.default] info@djzig.com
M2 - MFEP: Extension [Rehan - ne8iq2dt.default] jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi
M2 - MFEP: Extension [Rehan - ne8iq2dt.default] {77d2ed30-4cd2-11e0-b8af-0800200c9a66}
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 35 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 117.165.40.75:8123
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects (O2)
O2 - BHO: Adblock Plus for IE Browser Helper Object [64Bits] - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Orphan key
O3 - Toolbar: Bitdefender Wallet - [HKLM]{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} . (.Bitdefender - Bitdefender Password Manager Internet Explo.) -- C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [Cm106Sound] . (.C-Media Corporation - CmiCnfg DLL.) -- C:\Windows\Syswow64\cm106.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] . (.Primax Electronics Ltd. - Mouse Suite 98 Daemon.) -- C:\Windows\System32\ICO.exe
O4 - HKLM\..\Run: [Bdagent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
O4 - HKCU\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [f.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Rehan\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender - Bitdefender Wallet Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
O4 - HKUS\S-1-5-21-4111806079-4223490122-3399138093-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Sites in the Internet Explorer Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Trusted Zone: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{435E6C4F-93F1-4921-9EC3-E70C2D8D7E15}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
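The two network-path findings a reviewer would pull out of the R5 and O17 sections above are (a) a per-user WinINet proxy that is enabled (ProxyEnable = 1) and points at a public address, 117.165.40.75:8123, so every IE/WinINet HTTP request from this account leaves via that host, and (b) a static NameServer (8.8.8.8,8.8.4.4) on interface {1353E15A-...} that overrides the DHCP-supplied resolver 192.168.1.254, which ZHPDiag itself tags as "Google DNS Redirections". The following triage script is an added example written for this page; it is not ZHPDiag code and not part of the original report. It parses those two line types and applies two heuristics of the editor's own: an enabled proxy whose host is a globally routable IP, and an interface whose static NameServer differs from its DhcpNameServer. The SAMPLE text is copied from the report above; the parsing regexes are written against that observed line shape, not against a published ZHPDiag grammar. Note that the same report lists the anonymoX Firefox extension and SurfEasy VPN folders, so an enabled external proxy may be user-installed rather than injected; the script only surfaces the setting, confirming intent is a separate step.

```python
"""Triage helper for the R5 (WinINet proxy) and O17 (DNS) lines of a
ZHPDiag report.

Added example by the editor; not ZHPDiag code and not part of the original
report. SAMPLE is copied from the report's R5/O17 sections; the heuristics
(public-IP proxy, static NameServer differing from DHCP) are the editor's own.
"""
import ipaddress
import re

# Constructed sample: lines copied verbatim from the report's R5 and O17 sections.
SAMPLE = r"""
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 117.165.40.75:8123
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{1353E15A-93D3-4CB4-B9D1-F15F159D23E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A295C8F-DC4D-4F02-8E2C-D0A693558E45}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
"""

# R5 line shape as observed above: "R5 - HKCU\...\Internet Settings,<ValueName> = <data>"
R5_RE = re.compile(r"^R5 - HKCU\\.*\\Internet Settings,([\w.]+) = (.*)$")
# O17 per-interface line shape: "O17 - HKLM\System\<CS>\Services\Tcpip\..\{GUID}: <Name> = <data>[ =><tag>]"
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]+\}): "
    r"(\w+) = (.*?)(?: =>.*)?$"
)


def parse(text):
    """Return (proxy_values, dns_by_interface) from ZHPDiag R5/O17 lines."""
    proxy = {}
    dns = {}  # (control set, interface GUID) -> {value name: data}
    for line in text.splitlines():
        m = R5_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2).strip()
            continue
        m = O17_RE.match(line)
        if m:
            control_set, guid, name, data = m.groups()
            dns.setdefault((control_set, guid), {})[name] = data.strip()
    return proxy, dns


def proxy_hosts(value):
    """Yield the host part of each entry in a WinINet ProxyServer value.

    Accepts the plain "host:port" form seen in the report and the per-scheme
    "http=host:port;https=host:port" form WinINet also allows.
    """
    for entry in value.split(";"):
        entry = entry.split("=", 1)[-1].strip()
        if entry:
            yield entry.rsplit(":", 1)[0]


def is_public_ip(host):
    """True only for a literal IP that is globally routable; hostnames give False."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def proxy_findings(proxy):
    """Flag an enabled WinINet proxy whose host is a public IP address."""
    findings = []
    if proxy.get("ProxyEnable") == "1" and proxy.get("ProxyServer"):
        for host in proxy_hosts(proxy["ProxyServer"]):
            if is_public_ip(host):
                findings.append(
                    f"WinINet proxy enabled to public address {host} "
                    f"(ProxyServer = {proxy['ProxyServer']})"
                )
    return findings


def dns_findings(dns):
    """Flag interfaces whose static NameServer differs from the DHCP-supplied one."""
    findings = []
    for (control_set, guid), values in sorted(dns.items()):
        static = values.get("NameServer")
        dhcp = values.get("DhcpNameServer")
        if static and dhcp and static != dhcp:
            findings.append(
                f"{control_set} {guid}: static NameServer {static} overrides DHCP {dhcp}"
            )
    return findings


def triage(text):
    """Run both checks over raw ZHPDiag text and return the list of findings."""
    proxy, dns = parse(text)
    return proxy_findings(proxy) + dns_findings(dns)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the sample it reports the public proxy and the overridden resolver on {1353E15A-...} and stays silent on the other interfaces, which only carry DHCP values. The proxy check deliberately treats hostnames as not-public, because resolving them offline is impossible and resolving them online from an analyst machine would leak the investigation; a real triage would look such hosts up separately. On the live host the same values can be confirmed under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and the Tcpip\Parameters\Interfaces keys shown in the report.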

---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) . (...) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (.not file.)
~ Services: 24 Legitimates Filtered in 00mn 09s

---\\ Automatic scheduled tasks (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4111806079-4223490122-3399138093-1000Core [906]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4111806079-4223490122-3399138093-1000UA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HP Photo Creations Messager [256]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForRehan [332]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: BLOCKADE 3D - (.Shumkov Dmitriy.) [HKLM][64Bits] -- Steam App 302830
O42 - Software: C&C:Online - (.Revora.) [HKLM][64Bits] -- {1298F091-2180-4779-BDA0-1176247252D0}
O42 - Software: C9 - (.WEBZEN.) [HKLM][64Bits] -- C9(Continent of the Ninth Seal)_is1
O42 - Software: Evolve - (.Turtle Rock Studios.) [HKLM][64Bits] -- Steam App 273350
O42 - Software: KnightShift - (...) [HKLM][64Bits] -- Steam App 254060
O42 - Software: My Lockbox 2.8 - (...) [HKLM][64Bits] -- My Lockbox_is1
O42 - Software: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
O42 - Software: SpeedRunners - (.DoubleDutch Games.) [HKLM][64Bits] -- Steam App 207140
O42 - Software: The Escapists - (.Mouldy Toof Studios.) [HKLM][64Bits] -- Steam App 298630
O42 - Software: Ultimatest Battle - (.UNKNOWN.) [HKLM][64Bits] -- com.edioromeh.ub
O42 - Software: Ultimatest Battle - (.UNKNOWN.) [HKLM][64Bits] -- {9C063B05-1B97-C00A-E1D0-CF7DB113A391}
O42 - Software: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
O42 - Software: Video Enhancer 1.9.2 - (.Dee Mon.) [HKLM][64Bits] -- Video Enhancer_is1
~ Software: 62 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARAR]
[HKCU\Software\Boneloaf]
[HKCU\Software\CFS-Technologies]
[HKCU\Software\Clock Tower Interactive ]
[HKCU\Software\CoGenMedia]
[HKCU\Software\Dee Mon]
[HKCU\Software\Drivers]
[HKCU\Software\El Conjugador]
[HKCU\Software\ElConjugador]
[HKCU\Software\Freejam]
[HKCU\Software\Mojang]
[HKCU\Software\NLDT]
[HKCU\Software\Pando Networks]
[HKCU\Software\Revora]
[HKCU\Software\SanDan]
[HKCU\Software\Smartly Dressed Games]
[HKCU\Software\SmashGames]
[HKCU\Software\System32]
[HKCU\Software\VIVACITY.be]
[HKCU\Software\VoiceAttack.com]
[HKCU\Software\Win]
[HKCU\Software\bsa commander]
[HKCU\Software\eu.jalada]
[HKCU\Software\fif]
[HKCU\Software\iLLectronic]
[HKCU\Software\spookie]
[HKLM\Software\Spyshelter]
[HKLM\Software\VB-Audio]
[HKLM\Software\Wow6432Node\ARTDINK]
[HKLM\Software\Wow6432Node\BoL]
[HKLM\Software\Wow6432Node\DicterRu]
[HKLM\Software\Wow6432Node\El Conjugador]
[HKLM\Software\Wow6432Node\Mojang]
[HKLM\Software\Wow6432Node\One Voice Technologies]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Revora]
[HKLM\Software\Wow6432Node\SJBBB]
[HKLM\Software\ree7]
~ Key Software: 933 Legitimates Filtered in 00mn 02s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 22/07/2013 - 10:51:26 - [0] ----D C:\Program Files (x86)\Agven
O43 - CFD: 01/02/2015 - 19:50:25 - [] ----D C:\Program Files (x86)\AppInsights
O43 - CFD: 25/11/2013 - 02:33:32 - [] ----D C:\Program Files (x86)\AV Voice Changer 8.0 Diamond
O43 - CFD: 19/02/2014 - 20:57:06 - [] ----D C:\Program Files (x86)\craigworks
O43 - CFD: 09/05/2015 - 13:48:35 - [] ----D C:\Program Files (x86)\KMSPico 10.0.6 =>PUA.KMSpico
O43 - CFD: 28/06/2011 - 13:53:15 - [] ----D C:\Program Files (x86)\Music Mixer
O43 - CFD: 07/03/2014 - 13:19:49 - [] ----D C:\Program Files (x86)\ree7
O43 - CFD: 17/01/2015 - 11:55:41 - [] ----D C:\Program Files (x86)\Revora
O43 - CFD: 28/07/2014 - 18:09:26 - [] ----D C:\Program Files (x86)\Sanny Builder 3
O43 - CFD: 14/06/2015 - 17:16:28 - [] ----D C:\Program Files (x86)\SCANIA Truck Driving Simulator
O43 - CFD: 13/06/2012 - 18:56:56 - [] ----D C:\Program Files (x86)\SelinguaColumns
O43 - CFD: 29/07/2014 - 19:57:52 - [] ----D C:\Program Files (x86)\Suce mon boul biatch
O43 - CFD: 14/06/2015 - 17:16:31 - [] ----D C:\Program Files (x86)\UB
O43 - CFD: 14/06/2015 - 17:16:31 - [] ----D C:\Program Files (x86)\Video Enhancer
O43 - CFD: 27/02/2013 - 19:30:18 - [] ----D C:\Program Files (x86)\WorkHorse Games
O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\ProgramData\El Conjugador
O43 - CFD: 18/05/2014 - 18:18:01 - [] ----D C:\ProgramData\FaceLift
O43 - CFD: 27/04/2014 - 12:53:41 - [] ----D C:\ProgramData\SurfEasy VPN
O43 - CFD: 27/04/2014 - 12:54:10 - [] ----D C:\ProgramData\SurfEasyService
O43 - CFD: 22/06/2011 - 18:29:57 - [0] --H-D C:\ProgramData\{0ACE0403-C75D-488C-A403-7A57E9848B62}
O43 - CFD: 23/04/2014 - 23:41:40 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C9
O43 - CFD: 13/01/2011 - 02:50:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
O43 - CFD: 24/12/2014 - 16:23:45 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magicite
O43 - CFD: 01/02/2011 - 17:33:13 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manuel de l’utilisateur
O43 - CFD: 05/10/2012 - 19:09:56 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sayz Me
O43 - CFD: 28/07/2012 - 15:49:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCANIA Truck Driving Simulator
O43 - CFD: 14/07/2009 - 09:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 28/04/2012 - 12:22:30 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboGo
O43 - CFD: 02/07/2013 - 13:11:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Enhancer
O43 - CFD: 21/06/2014 - 12:59:15 - [] ----D C:\Users\Rehan\AppData\Roaming\11bitstudios
O43 - CFD: 20/12/2013 - 22:12:28 - [] ----D C:\Users\Rehan\AppData\Roaming\bosonx
O43 - CFD: 19/05/2012 - 13:00:08 - [] ----D C:\Users\Rehan\AppData\Roaming\CNC_Generals_World
O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\Users\Rehan\AppData\Roaming\El Conjugador
O43 - CFD: 10/01/2014 - 19:30:28 - [] ----D C:\Users\Rehan\AppData\Roaming\GetThemAll Receiver
O43 - CFD: 07/03/2014 - 00:04:59 - [] ----D C:\Users\Rehan\AppData\Roaming\IPChangeEasy
O43 - CFD: 14/06/2015 - 17:14:43 - [] ----D C:\Users\Rehan\AppData\Roaming\iterate_GmbH
O43 - CFD: 29/03/2014 - 17:27:22 - [] ----D C:\Users\Rehan\AppData\Roaming\libraries
O43 - CFD: 14/06/2015 - 17:14:43 - [] ----D C:\Users\Rehan\AppData\Roaming\LSBC5E9490
O43 - CFD: 19/06/2013 - 15:45:18 - [] ----D C:\Users\Rehan\AppData\Roaming\Magic Set Editor
O43 - CFD: 02/06/2012 - 13:19:13 - [] ----D C:\Users\Rehan\AppData\Roaming\ScripterRon
O43 - CFD: 18/02/2014 - 20:47:54 - [] ----D C:\Users\Rehan\AppData\Roaming\steamvr
O43 - CFD: 29/03/2014 - 17:27:16 - [] ----D C:\Users\Rehan\AppData\Roaming\versions
O43 - CFD: 25/10/2014 - 14:14:10 - [] ----D C:\Users\Rehan\AppData\Roaming\VoiceAttack
O43 - CFD: 23/11/2014 - 20:34:19 - [] ----D C:\Users\Rehan\AppData\Local\Ahri.tw
O43 - CFD: 19/05/2012 - 12:59:56 - [] ----D C:\Users\Rehan\AppData\Local\CNC_Generals_World
O43 - CFD: 27/04/2014 - 12:54:45 - [] ----D C:\Users\Rehan\AppData\Local\com.surfeasy.se0200
O43 - CFD: 01/05/2014 - 12:58:37 - [] ----D C:\Users\Rehan\AppData\Local\Disc_Soft_Ltd
O43 - CFD: 15/12/2012 - 13:05:00 - [] ----D C:\Users\Rehan\AppData\Local\El Conjugador
O43 - CFD: 19/12/2014 - 19:02:15 - [] -SH-D C:\Users\Rehan\AppData\Local\EmieBrowserModeList
O43 - CFD: 02/06/2012 - 12:44:01 - [] ----D C:\Users\Rehan\AppData\Local\jalada Just Translate
O43 - CFD: 25/12/2014 - 12:53:47 - [] ----D C:\Users\Rehan\AppData\Local\mslugx
O43 - CFD: 19/04/2015 - 13:11:04 - [] ----D C:\Users\Rehan\AppData\Local\openvr
O43 - CFD: 13/07/2014 - 15:45:23 - [] ----D C:\Users\Rehan\AppData\Local\PickOut
O43 - CFD: 18/06/2013 - 17:11:49 - [] ----D C:\Users\Rehan\AppData\Local\Video Enhancer
O43 - CFD: 21/10/2014 - 22:17:16 - [] ----D C:\Users\Rehan\AppData\Local\VoiceAttack.com
O43 - CFD: 19/05/2012 - 12:55:37 - [] ----D C:\Users\Rehan\AppData\Local\Xp3rt RepSaver
O43 - CFD: 27/01/2014 - 22:03:56 - [] ----D C:\Users\Rehan\AppData\Local\_
O43 - CFD: 02/07/2013 - 19:08:24 - [] ----D C:\Users\Rehan\AppData\Local\_
O43 - CFD: 29/10/2013 - 11:45:06 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoD4-MW SP PeZBOT 009a
O43 - CFD: 19/04/2015 - 13:13:19 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Screen Capture Video
O43 - CFD: 11/10/2014 - 11:29:33 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mu-Intensity
O43 - CFD: 04/02/2013 - 21:12:20 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox
O43 - CFD: 05/02/2015 - 19:11:43 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\omfg.gg
O43 - CFD: 09/11/2013 - 17:13:32 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Omnimo UI
O43 - CFD: 13/06/2012 - 18:55:48 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Selingua Columns
O43 - CFD: 14/09/2013 - 14:54:17 - [] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic
O43 - CFD: 28/04/2012 - 12:22:30 - [0] ----D C:\Users\Rehan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboGo
O43 - CFD: 26/12/2014 - 17:46:43 - [] --H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder
~ Program Folder: 742 Legitimates Filtered in 00mn 02s

---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.19DA0BF5CB17E9B54D799736552E7CE8] - 14/06/2015 - 15:54:25 ---A- . (...) -- C:\bdlog.txt [393851]
O44 - LFC:[MD5.F444966F3DF00292B7CF43F52D2BEA0B] - 14/06/2015 - 16:27:14 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
  434. O44 - LFC:[MD5.F444966F3DF00292B7CF43F52D2BEA0B] - 14/06/2015 - 16:27:14 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
  435. O44 - LFC:[MD5.F444966F3DF00292B7CF43F52D2BEA0B] - 14/06/2015 - 16:27:14 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
  436. ~ Files: 12 Legitimates Filtered in 00mn 01s
  437.  
  438.  
  439.  
  440. ---\\ Image File Execution Options (IFEO) (O50)
  441. O50 - IFEO:Image File Execution Options - CNC3.exe - (no data)
  442. O50 - IFEO:Image File Execution Options - generals.exe - (no data)
  443. O50 - IFEO:Image File Execution Options - RA3.exe - (no data)
  444. ~ IFEO: Scanned in 00mn 00s
  445.  
  446.  
  447.  
  448. ---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
  449. O51 - MPSK:{444e8b8a-366f-11e2-8a00-6c626d9710e4}\AutoRun\command. (...) -- K:\OblivionLauncher.exe (.not file.)
  450. O51 - MPSK:{44f4d876-93d6-11e3-abe5-6c626d9710e4}\AutoRun\command. (...) -- G:\SETUP.exe (.not file.)
  451. O51 - MPSK:{871a43a7-e68f-11e0-bd30-6c626d9710e4}\AutoRun\command. (...) -- L:\setup_vmc_lite.exe (.not file.)
  452. O51 - MPSK:{871a43bf-e68f-11e0-bd30-6c626d9710e4}\AutoRun\command. (...) -- L:\setup_vmc_lite.exe (.not file.)
  453. ~ Keys: Scanned in 00mn 00s
  454.  
  455.  
  456.  
  457. ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
  458. O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll
  459. O52 - TDSD: \Drivers32\"vidc.xtor"="DxtoryCodec.dll" . (.ExKode Co. Ltd. - Dxtory DirectShow and VFW Decoder.) -- C:\Windows\System32\DxtoryCodec.dll
  460. ~ TDSD: 8 Legitimates Filtered in 00mn 00s
  461.  
  462.  
  463.  
  464. ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
  465. O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
  466. ~ SMSR Keys: 42 Legitimates Filtered in 00mn 00s
  467.  
  468.  
  469.  
  470. ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
  471. O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
  472. O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
  473. O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
  474. ~ MWPS: 20 Legitimates Filtered in 00mn 00s
  475.  
  476.  
  477.  
  478. ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
  479. O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
  480. ~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s
  481.  
  482.  
  483.  
  484. ---\\ Liste des pilotes du système (SDL) (O58)
  485. O58 - SDL:02/06/2013 - 04:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31920]
  486. O58 - SDL:28/06/2013 - 14:32:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
  487. O58 - SDL:28/06/2013 - 14:33:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
  488. O58 - SDL:28/06/2013 - 14:33:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
  489. O58 - SDL:01/10/2009 - 11:04:54 ---A- . (.C-Media Electronics Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\CM10664.sys [1307648]
  490. O58 - SDL:14/07/2011 - 13:26:26 ---A- . (.C-Media Inc. - C-Media USB Audio Class Driver.) -- C:\Windows\System32\Drivers\CMUAC.SYS [111104]
  491. O58 - SDL:02/03/2010 - 00:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cpqdfw.sys [24376]
  492. O58 - SDL:02/03/2010 - 00:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
  493. O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
  494. O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
  495. O58 - SDL:31/01/2013 - 10:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [28160]
  496. O58 - SDL:28/07/2014 - 15:06:24 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [49264]
  497. O58 - SDL:11/10/2012 - 04:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv_x64.sys [44928]
  498. O58 - SDL:24/12/2014 - 02:52:55 ---A- . (.Windows (R) Win 7 DDK provider - Scanner Filter.) -- C:\Windows\System32\Drivers\mfmonitor_x64.sys [20696]
  499. O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - Mouse Suite Driver (For Windows 2000 and Whistler Only).) -- C:\Windows\System32\Drivers\PELMOUSE.SYS [26112]
  500. O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - PS/2 Mouse Filter Driver (For Windows 2000 Only).) -- C:\Windows\System32\Drivers\PELPS2M.SYS [27648]
  501. O58 - SDL:09/11/2006 - 04:04:00 ---A- . (.Primax Electronics Ltd. - USB Mouse Low Filter Driver(Win2000 only).) -- C:\Windows\System32\Drivers\PELUSBlf.SYS [23040]
  502. O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
  503. O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
  504. O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
  505. O58 - SDL:17/12/2013 - 22:14:20 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
  506. O58 - SDL:16/10/2013 - 21:51:52 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tapse01.sys [39608]
  507. O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
  508. O58 - SDL:11/07/2013 - 07:57:16 ---A- . (.Windows (R) Win 7 DDK provider - VB Virtual Audio Device.) -- C:\Windows\System32\Drivers\vbaudio_cable64_win7.sys [41192]
  509. O58 - SDL:24/06/2012 - 12:25:15 ---A- . (...) -- C:\Windows\SysWOW64\drivers\nocashio.sys [4096]
  510. ~ Drivers: 113 Legitimates Filtered in 00mn 00s
  511.  
  512.  
  513.  
  514. ---\\ Liste des outils de désinfection (LATC) (O63)
  515. O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
  516. ~ ADS: Scanned in 00mn 00s
  517.  
  518.  
  519.  
  520. ---\\ Liste les services legacy du registre (LALS) (O64)
  521. O64 - Services: CurCS - 15/10/2014 - C:\Windows\System32\DRIVERS\trufos.sys (trufos) .(.BitDefender S.R.L. - Trufos Kernel Module.) - LEGACY_TRUFOS
  522. ~ Legacy: 111 Legitimates Filtered in 00mn 00s
  523.  
  524.  
  525.  
  526. ---\\ Menu de démarrage Internet (SMI) (O68)
  527. O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  528. O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
  529. ~ Keys: Scanned in 00mn 00s
  530.  
  531.  
  532.  
  533. ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
  534. O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
  535. ~ Keys: Scanned in 00mn 00s
  536.  
  537.  
  538.  
  539. ---\\ Recherche particulière à la racine du système (SPRF) (O84)
  540. [MD5.87FE36C0EE708252BA57BEB14492B3FA] [SPRF][19/04/2015] (...) -- C:\ProgramData\1429445386.bdinstall.bin [870170]
  541. [MD5.D07AC207DF65E77BC4B22EEE05DACB67] [SPRF][25/04/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
  542. [MD5.D56605A4F5CE2DBEBA1540304827B394] [SPRF][14/06/2015] (.Pas de propriétaire - AdwCleaner.) -- C:\Users\Rehan\Desktop\adwcleaner_4.206.exe [2231296]
  543. ~ Files: 6 Legitimates Filtered in 00mn 00s
  544.  
  545.  
  546.  
  547. ---\\ Recherche de clés de registre CLSID (O101)
  548. [HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider
  549. ~ BCK: 5333 Legitimates Filtered in 00mn 10s
  550.  
  551.  
  552.  
  553. ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
  554. SS - | Demand 17/05/2012 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  555. SS - | Demand 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  556. SS - | Demand 09/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  557. SS - | Auto 22/07/1658 0 | (AdvancedSystemCareService6) . (...) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
  558. SS - | Demand 09/12/2014 78144 | (BdDesktopParental) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
  559. SS - | Demand 24/07/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
  560. SS - | Demand 24/11/2014 2216208 | (Disc Soft Bus Service) . (.Disc Soft Ltd.) - C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
  561. SS - | Demand 22/07/1658 0 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
  562. SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
  563. SS - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
  564. SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  565. SS - | Demand 02/06/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
  566. SS - | Demand 29/10/2014 37176 | (OpenVPNService) . (.The OpenVPN Project.) - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
  567. SS - | Demand 03/06/2015 1997168 | (Origin Client Service) . (.Electronic Arts.) - C:\Program Files (x86)\Origin\OriginClientService.exe
  568. SS - | Demand 04/05/2015 999152 | (OverwolfUpdater) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
  569. SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
  570. SS - | Auto 18/05/2014 24576 | (SetupARService) . (.Realtek Semiconductor..) - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
  571. SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
  572. SS - | Demand 11/06/2015 837312 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
  573. SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
  574. SS - | Demand 17/01/2015 762320 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
  575. SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
  576. SR - | Auto 03/09/2013 181152 | (AdobeActiveFileMonitor12.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
  577. SR - | Auto 22/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
  578. SR - | Auto 30/03/2015 2490216 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
  579. SR - | Auto 12/01/2015 9216 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
  580. SR - | Auto 28/09/2010 107576 | (HP Power Assistant Service) . (...) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
  581. SR - | Auto 21/06/2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
  582. SR - | Auto 06/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
  583. SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
  584. SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
  585. SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
  586. SR - | Auto 04/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  587. SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
  588. SR - | Auto 30/03/2015 417552 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
  589. SR - | Auto 01/10/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  590. SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
  591. SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
  592. SR - | Auto 12/05/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
  593. SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
  594. SR - | Auto 28/09/2010 1119768 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
  595. SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
  596. SR - | Auto 22/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
  597. SR - | Auto 08/07/2013 94624 | (SafeBox) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
  598. SR - | Auto 12/05/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  599. SR - | Auto 17/02/2015 5436176 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
  600. SR - | Auto 01/10/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  601. SR - | Auto 27/10/2014 67320 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
  602. SR - | Auto 16/03/2015 1547936 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
  603. SR - | Auto 04/06/2009 337144 | (WindowBlinds) . (.Stardock Corporation.) - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
  604. SR - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
  605. SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
  606. ~ Services: Scanned in 00mn 10s
  607.  
  608.  
  609.  
  610. ---\\ Liste des émulateurs de CD/DVD (MBR Hook)
  611. O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
  612. ~ Emulateurs: Scanned in 00mn 10s
  613.  
  614.  
  615.  
  616. ---\\ Scan Additionnel (O88)
  617. Database Version : 13008 - (31/05/2015)
  618. Clés trouvées (Keys found) : 0
  619. Valeurs trouvées (Values found) : 0
  620. Dossiers trouvés (Folders found) : 1
  621. Fichiers trouvés (Files found) : 1
  622.  
  623. C:\Program Files (x86)\KMSPico 10.0.6 =>PUA.KMSpico^
  624. [HKCR\CLSID\{320AF880-6646-11D3-ABEE-C5DBF3571F49}] (SavePass) =>PUP.CrossRider^
  625. ~ Additionnel Scan: 1213555 Items scanned in 00mn 38s
  626.  
  627.  
  628.  
  629. ---\\ Informations complémentaires sur les modules
  630. ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
  631. ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
  632. ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
  633. ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
  634. ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
  635. ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
  636. ~ AMI: 6 Legitimates Filtered in 00mn 00s
  637.  
  638.  
  639.  
  640. ---\\ Récapitulatif des détections trouvées sur votre station
  641. http://nicolascoolman.fr/pup-kmspico =>PUA.KMSpico
  642. http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
  643. ~ MSI: 2 link(s) detected in 00mn 00s
  644.  
  645.  
  646.  
  647. ~ 1814 Legitimates filtered by white list
  648. End of the scan (647 lines in 01mn 30s)(0.6)