My PC is slow on the internet
Closed
wafid0 - 21 April 2015 at 20:14
3 replies
artaban7 - 21 April 2015 at 21:14
Good evening,
An infected PC? Avira alone won't help you :)
If you can't find any solution, we can always try a diagnostic; I'll leave you the links:
For the diagnostic, this is the software: https://nicolascoolman.eu
Just run it; it will then create a report on your system on the desktop in .txt format, which you will need to send here (or by PM if you prefer) using: http://pjjoint.malekal.com/
If you need explanations on specific points, such as how to use the file generator.
wafid0 - 21 April 2015 at 21:32
Here it is:
HELP GUYS, I DON'T UNDERSTAND ANY OF THIS !!!
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Seven (21/04/2015 21:28:48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/7
~ Mon Bureau (My Desktop) : 1/6426
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lancés
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2116]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2408]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2416]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2472]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2504]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2276]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.1964]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.2392]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.3084]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3472]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.3120]
[MD5.1EF5B782DC95B24710D88FD5DB6A1D14] - (...) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [108544] [PID.4620]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.2772]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1864]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2764]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2788]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2832]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.3008]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3396]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\policies\Explorer\Run: [Updates] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\svchost .exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 10.2.0.1 10.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan.ciup.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 00:18:47 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 141 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer
~ BTK: 31 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 172038 Items scanned in 00mn 12s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Rogue.PCSpeedMaximizer
~ MSI: 1 link(s) detected in 00mn 00s
~ 651 Legitimates filtered by white list
End of the scan (482 lines in 01mn 56s)(0.11)
HELP, GUYS, I DON'T UNDERSTAND ANY OF THIS!!!
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Seven (21/04/2015 21:28:48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/7
~ Mon Bureau (My Desktop) : 1/6426
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lancés
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2116]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2408]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2416]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2472]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2504]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2276]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.1964]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.2392]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.3084]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3472]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.3120]
[MD5.1EF5B782DC95B24710D88FD5DB6A1D14] - (...) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [108544] [PID.4620]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.2772]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1864]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2764]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2788]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2832]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.3008]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3396]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\policies\Explorer\Run: [Updates] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\svchost .exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 00:18:47 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 141 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer
~ BTK: 31 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 172038 Items scanned in 00mn 12s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Rogue.PCSpeedMaximizer
~ MSI: 1 link(s) detected in 00mn 00s
~ 651 Legitimates filtered by white list
End of the scan (482 lines in 01mn 56s)(0.11)
artaban7
21 April 2015 at 21:43
I invite you to download ZHPFix: https://nicolascoolman.eu
Launch it and, in the program's empty window, copy and paste the script as is and in its entirety:
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O4 - HKCU\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKLM\..\policies\Explorer\Run: [Updates] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\svchost .exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS
You will need to type "go", then at the end of the process it is imperative to restart the system...
You will need to produce a new ZHPDiag report after rebooting and, above all, give me your first impressions at this stage...
wafid0
21 April 2015 at 22:25
A bit better, indeed, but not really like before; what is that due to?
Here is the diag:
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Seven (21/04/2015 22:22:02)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/7
~ Mon Bureau (My Desktop) : 1/6427
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 08s
---\\ Processus lancés
[MD5.5C68F96DC658008E77A02EF11C4D135D] - (.Pas de propriétaire - Time Inspector.) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608] [PID.1260]
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2208]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2276]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2328]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2460]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2472]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2912]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.2996]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.3024]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3936]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.4896]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.5100]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.5704]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1876]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2644]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2664]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2700]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.3004]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3720]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 09s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 22:22:39 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 142 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 171790 Items scanned in 00mn 13s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 655 Legitimates filtered by white list
End of the scan (467 lines in 02mn 05s)(0.11)
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 22:22:39 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 142 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 171790 Items scanned in 00mn 13s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 655 Legitimates filtered by white list
End of the scan (467 lines in 02mn 05s)(0.11)
artaban7
Edited by artaban7 on 21/04/2015 at 22:50
I removed some malware...
You can run these two programs:
1) ZHP Cleaner at this link: https://nicolascoolman.eu
Run a scan and a cleanup...
2) ADWcleaner, here: https://nicolascoolman.eu
Here too, scan and clean, and of course restart :) then a new Diag...
Did the problems appear all at once or after a P2P download?
wafid0
21 April 2015 at 23:41
I think it did indeed follow a P2P download.
Here is the diag:
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Seven (21/04/2015 23:38:00)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/6
~ Mon Bureau (My Desktop) : 1/6429
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 09s
---\\ Processus lancés
[MD5.5C68F96DC658008E77A02EF11C4D135D] - (.Pas de propriétaire - Time Inspector.) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608] [PID.2004]
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2244]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2364]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2392]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2488]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2548]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2644]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.2956]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.2968]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.3140]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3092]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.4004]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.6080]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1852]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2592]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2740]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2780]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.2944]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3104]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 05s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{09791A5F-5A86-4518-8007-DF05A33D1111}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{11E35E54-10EF-4BD1-96C5-92BF5A090EB2}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E935B81-7778-4D86-83FA-2C62EDD2AC25}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{31AEE1A0-1AB9-4549-B8A0-C3F277F62EF4}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{3575C27B-68D6-459B-990D-CD3CFE14F977}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{35BA8E96-B10D-44BB-99B7-6053E665ACE7}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{360BF97F-8AC4-4BAA-B1A0-6EA5749EC95A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{42554787-21F3-4938-B8D6-61C244D74E0A}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{6F966F67-F712-4EB1-9D67-E8D120B2B2D0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{72677FF6-20AB-4C15-91CA-DFDDA78A1DF6}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{84452EF9-9B30-4C50-937C-02F586277940}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F8FA8F9-945C-4401-92E5-8F584BCE8962}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{AB4A7B55-2203-464C-AF1D-DD70B73657A8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{B6684AD9-65F9-4FE7-A4B7-2732E4AD3E49}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{D44F6007-056B-4A84-9568-8B9E1CA9CACC}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDC9EE16-43E5-4A27-A66E-FCA15FCAD5FD}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{E6A5A6D5-FBAC-4ECE-BB22-AA08BC55CFE8}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F4C8696B-400A-4425-B925-75B1F663A344}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7A8BDFF-01F9-4E9B-B355-BAFB501E9086}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: NameServer = 80.118.196.42,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC65E344-B4A2-45F8-9DB0-EC530F43B3A0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D466E2-6672-4D61-A8AF-B30D894046ED}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{F7DE2FE4-87EB-484D-A970-BF8BA4A436B0}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 23:38:03 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 140 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 172774 Items scanned in 00mn 15s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 654 Legitimates filtered by white list
End of the scan (464 lines in 02mn 22s)(0.11)
Here is the diag:
~ Rapport de ZHPDiag v2015.4.20.40 - Nicolas Coolman (20/04/2015)
~ Lancé par Seven (21/04/2015 23:38:00)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/6
~ Mon Bureau (My Desktop) : 1/6429
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 09s
---\\ Processus lancés
[MD5.5C68F96DC658008E77A02EF11C4D135D] - (.Pas de propriétaire - Time Inspector.) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608] [PID.2004]
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2244]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2364]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2392]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2488]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2548]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2644]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.2956]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.2968]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.3140]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3092]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.4004]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.6080]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1852]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2592]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2740]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2780]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.2944]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3104]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 10s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 05s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 23:38:03 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 140 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 172774 Items scanned in 00mn 15s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 654 Legitimates filtered by white list
End of the scan (464 lines in 02mn 22s)(0.11)
21 April 2015 at 21:37
~ Lancé par Seven (21/04/2015 21:28:48)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v42.0.2311.90 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7TP9F
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit (Build 7600)
---\\ Logiciels de protection du système
Avira Antivirus v15.0.9.504
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
CCleaner v5.04
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 184 GB (75%) free of 244 GB
---\\ Mode de connexion au système
~ Computer Name: SEVEN-PC
~ User Name: Seven
~ All Users Names: Seven, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Seven\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Seven\AppData\Roaming\
~ %Desktop% : C:\Users\Seven\Desktop\
~ %Favorites% : C:\Users\Seven\Favorites\
~ %LocalAppData% : C:\Users\Seven\AppData\Local\
~ %StartMenu% : C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 184 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 68 Go of 221 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/7
~ Mon Bureau (My Desktop) : 1/6426
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lancés
[MD5.6FB60B441A8F326C03FD37C2B450E426] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.exe [226784] [PID.2116]
[MD5.3C62EAE05B76BA809FA1DE327922E846] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968] [PID.2408]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2416]
[MD5.AB511973BF2F83B77ED5C0453131742D] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.exe [181696] [PID.2472]
[MD5.9A2F3368669BA93339E5A4E8226B6E44] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNABCSWK.exe [1305808] [PID.2504]
[MD5.4D241A6A8F6BA9FA32FF836551FFDCEA] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2276]
[MD5.3E23D1F7E91627DBD44AC82077E2BA7C] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320] [PID.1964]
[MD5.A071CF6027E14E6C49A8CA8ED5F012CD] - (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056] [PID.2392]
[MD5.A097F470DB5D1B09CAD8C177C72FB267] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048] [PID.3084]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.3472]
[MD5.CE9806603D3C635EA6E0BB79FE916D2E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.3120]
[MD5.1EF5B782DC95B24710D88FD5DB6A1D14] - (...) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [108544] [PID.4620]
[MD5.2C009C50C0EE073EC0F993698CDB6C92] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198656] [PID.2772]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424] [PID.1864]
[MD5.FC5B75CA6A1DA31EDD4F8D53F5540B98] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088] [PID.2764]
[MD5.F36D18EF1E66F92094AD89D17BEF007C] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424] [PID.2788]
[MD5.53710476495886D9961BE46983A6A33F] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2832]
[MD5.A33384A5CA1CE308ABF16815AFE1873D] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104] [PID.3008]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848] [PID.3396]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 08s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Seven\AppData\Roaming\Mozilla\Firefox\Profiles\mhhhlyf3.default\prefs.js
M2 - MFEP: prefs.js [Seven - mhhhlyf3.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Seven]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.exe =>.Canon Inc
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
O4 - HKLM\..\Wow6432Node\Run: [EnergyCut] . (.Lenovo (Beijing) Limited - Lenovo Power Management Software.) -- C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
O4 - HKLM\..\policies\Explorer\Run: [Updates] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\svchost .exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [Vqwiwd] H:\RECYCLER\0xFFD12566.exe (.not file.)
O4 - HKUS\S-1-5-21-2834863134-3765862244-292353662-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /p \??\H:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.5C68F96DC658008E77A02EF11C4D135D] [APT] [TimeInspectorRun] (...) -- C:\Program Files (x86)\Time Inspector\TimeInspector.exe [5674608]
[MD5.00000000000000000000000000000000] [APT] [Update23] (...) -- C:\Program Files (x86)\8a984307\jusched.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2F042DAE-71C5-452D-B0CB-2CBBDEF89749}] (...) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: Update23 - (...) -- C:\Windows\Tasks\Update23.job [242]
O39 - APT: Update23 - (...) -- C:\Windows\System32\Tasks\Update23 [242]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Time Inspector 1.4 - (...) [HKLM][64Bits] -- Time Inspector_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/04/2015 - 23:19:21 - [0] ----D C:\Program Files (x86)\8a984307
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\Program Files (x86)\Time Inspector
O43 - CFD: 14/01/2015 - 12:32:54 - [] ----D C:\ProgramData\Verimatrix
O43 - CFD: 17/04/2015 - 22:45:45 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 14/07/2009 - 17:35:18 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 19/08/2014 - 00:15:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Inspector
O43 - CFD: 01/10/2014 - 11:50:29 - [] ----D C:\Users\Seven\AppData\Roaming\AdvertismentImages
O43 - CFD: 21/08/2014 - 19:35:32 - [0] ----D C:\Users\Seven\AppData\Roaming\FileAdvisor
O43 - CFD: 21/04/2015 - 00:18:47 - [] ----D C:\Users\Seven\AppData\Roaming\Time Inspector
~ Program Folder: 141 Legitimates Filtered in 00mn 00s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{5bad0003-d1ef-11e3-9661-28e34702a5da}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
O51 - MPSK:{62fff661-a3fe-11e4-b671-28e34702a5da}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O51 - MPSK:{98247464-32b6-11e4-a167-28e34702a5da}\AutoRun\command. (...) -- H:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:07/08/2013 - 07:29:24 ---A- . (.ELAN Microelectronic Corp. - ELAN SMBus Driver.) -- C:\Windows\System32\Drivers\ETDSMBus.sys [23368]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:16/08/2013 - 02:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
~ Drivers: 76 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F16CA5F6C3D926793D3F383F2C412D3E] [SPRF][21/04/2015] (...) -- C:\Users\Seven\Desktop\cc_20150421_194250.reg [90110]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D0C96625-7227-42A0-A635-7631CF979A3C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{38EAD39D-96D8-4BB6-8D28-908B7C7B96C5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Seven\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASAPI32 =>Rogue.PCSpeedMaximizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCSpeedMaximizer_RASMANCS =>Rogue.PCSpeedMaximizer
~ BTK: 31 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27/03/2015 815920 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
SS - | Auto 27/03/2015 1004280 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
SS - | Demand 07/06/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 19/04/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/12/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/03/2015 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
SR - | Auto 27/03/2015 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
SR - | Auto 10/04/2015 205104 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 23/08/2007 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 08/02/2014 923936 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (20/04/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 172038 Items scanned in 00mn 12s
---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Rogue.PCSpeedMaximizer
~ MSI: 1 link(s) detected in 00mn 00s
~ 651 Legitimates filtered by white list
End of the scan (482 lines in 01mn 56s)(0.11)