[Problem] process always at 100%
Closed
Ryulaw
Edited by Ryulaw on 9/01/2014 at 17:49
Hello,
I'm new here and I have a slight problem.
Lately I've noticed that my computer had slowed down enormously while I was playing certain games (League of..., etc.).
I went into the Task Manager to see whether I had any programs running, and I see that my process is always at 100% (even at startup, when no application is running).
I've searched here and there but their solutions don't help me; I have the impression that my case is unique. Could someone help me? Thanks in advance.
(edit: I also tried to reset my computer, but that didn't work because some things were missing... it asks me to insert the CD supplied by HP, blah blah blah, but I don't have a CD drive on my laptop, nor the CD in question)
3 replies
ginto5
9 Jan. 2014 at 17:54
I suppose your computer is a tad "cluttered" with parasites, viruses, PUPs and other critters.
A good cleanup with Malwarebytes Antimalware to start with.
Ryulaw
9 Jan. 2014 at 19:34
Here is my ZHPDiag report, if that can help
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30478407-adware-allin1convert =>Adware.Allin1Convert
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 6 link(s) detected in 00mn 46s
~ 1237 Legitimates filtered by white list
End of the scan (448 lines in 08mn 33s)(0)
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 6 link(s) detected in 00mn 46s
~ 1237 Legitimates filtered by white list
End of the scan (448 lines in 08mn 33s)(0)
Ryulaw - 10 Jan 2014 at 08:26
Can nobody help me?
9 Jan 2014 at 17:57
Unfortunately, that is one of the attempts that did not help me. Do you have any other suggestions?