moebuis


  1. Hello, I have a Windows 7 PC. It recently had a virus, which was fixed via the malware analysis & eradication forum. However, Windows no longer displays an alert when the battery is low. Any advice, doctor? Regards, Moebuis
  2. Hi Appolo, First of all, a big thank you for all this work, it's great!!!! I ran delfix and removed the various tools that were left on the desktop. The machine is working well. One detail: I no longer get a notification when the battery is exhausted, and the PC shuts down without warning. A small tweak to make? See you, Moebuis
  3. Here, Apollo, are the two reports:

     -|x| RstHosts v2.0 - Rapport créé le 02/02/2015 à 22:32:21
     -|x| Système d'exploitation : Windows 7 Enterprise Service Pack 1 (64 bits)
     -|x| Nom d'utilisateur : agiraud - AGIRAUD2 (Administrateur)

     -|x|- Informations -|x|-

     Emplacement : C:\Windows\System32\drivers\etc\hosts
     Attribut(s) : RASH
     Propriétaire : Administrators - BUILTIN
     Taille : 89 bytes
     Date de création : 14/07/2009 - 03:34:48
     Date de modification : 02/02/2015 - 22:32:11
     Date de dernier accès : 02/02/2015 - 22:32:11

     -|x|- Contenu du fichier -|x|-

     # Fichier Hosts créé par RstHosts
     127.0.0.1 localhost
     ::1 localhost

     -|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-

     Rapport de ZHPFix 2015.1.15.1 par Nicolas Coolman, Update du 15/01/2015
     Fichier d'export Registre :
     Run by agiraud at 2/2/2015 10:35:05 PM
     High Elevated Privileges : OK
     Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

     Recycle Bin emptied (03mn AMs)
     Prefetcher emptied
     Repair of browser shortcuts

     ========== Registry keys ==========
     REMOVES: HKLM\Software\Classes\com.hp.watson.datamodel.SearchQuoteReq
     REMOVES: HKLM\Software\Classes\com.hp.watson.datamodel.SearchQuoteRes
     Basis of registers IFEO branch non-infected !

     ========== Registry values ==========
     REMOVES RunValue: update
     ProxyFix : Proxy configuration successfully removed
     REMOVES ProxyServer Value
     REMOVES ProxyEnable Value
     REMOVES EnableHttp1_1 Value
     REMOVES ProxyHttp1.1 Value
     REMOVES ProxyOverride Value
     ABSENT value Domain Profile: FirewallRaz :
     REMOVES: FirewallRaz (Private) : {90E596D3-B189-469F-A500-D01A3CA5CF6C}
     REMOVES: FirewallRaz (Private) : {A7496A2A-51A0-4FAB-A951-F7B3FA6868A8}
     REMOVES: FirewallRaz (Domain) : {909D0F32-C4B0-4BAE-9DEB-380DFB53FA1B}
     REMOVES: FirewallRaz (Domain) : {AB924A40-F18F-4275-A1E3-1DCE2D31C244}
     REMOVES: FirewallRaz (Domain) : {6B4B446D-1567-4B3D-880B-E392EF279E59}
     REMOVES: FirewallRaz (Domain) : {3221C355-2766-4174-8ADE-B83C3CB09EF2}

     ========== Folders ==========
     No folders empty CLSID Local user
     Deletes temporary Windows (24)
     REMOVES Flash Cookies (0)

     ========== Files ==========
     Deletes temporary Windows (184) (174,647,882 octets)
     REMOVES Flash Cookies (0) (0 octets)

     ========== HOSTS file ==========
     The Hosts file is not repaired, please disable your antivirus software.

     ========== Summary ==========
     3 : Registry keys
     14 : Registry values
     3 : Folders
     2 : Files
     1 : HOSTS file

     End of clean in 10mn AMs

     ========== Path to file report ==========
     C:\Users\agiraud\AppData\Roaming\ZHP\ZHPFix[R1].txt - 2/2/2015 10:35:09 PM [1840]
  4. Hello Appolo, the ZHPDiag.txt report is on cjoint: http://cjoint.com/?EBbwMKPyX50 Regards, Moebuis
  5. Hello Appolo, I am still updating a few pieces of software. Here is the ZHPDiag report: ~ Report of ZHPDiag v2015.1.27.10 - Nicolas Coolman (1/27/2015) ~ Launched by agiraud (1/30/2015 8:12:12 PM) ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ Web forum address : http://forum.nicolascoolman.fr ~ Translated by ~ Version State : New version available ~ White List : Activate by program ~ Elevation of privilege : OK ~ User Account Control : Deactivate by user ---\\ Internet browsers MSIE: Internet Explorer v11.0.9600.17420 MFIE: Mozilla Firefox 29.0.1 (Defaut) GCIE: Google Chrome v40.0.2214.93 ---\\ Windows product information ~ Langage: Anglais Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows Operating System - Windows® 7, VOLUME_KMSCLIENT channel Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System protection software Malwarebytes Anti-Malware version 2.0.4.1028 McAfee VirusScan Enterprise v8.8.04001 Windows Defender W7 (Deactivate) ---\\ System optimization software CCleaner v4.05 ---\\ Sharing software PeerToPeer ---\\ Surveillance software Adobe Flash Player 15 Plugin Adobe Reader XI ---\\ Information on the system ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 8142.3 MB (46% free) System Restore: Activé (Enable) System drive C: has 101 GB (21%) free of 466 GB ---\\ Connection to the system mode ~ Computer Name: AGIRAUD2 ~ User Name: agiraud ~ All Users Names: hpguest, hpadmin, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as User ---\\ Environment variables ~ System Unit : C:\ ~ %AppZHP% : C:\Users\agiraud\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\agiraud\AppData\Roaming\ ~ %Desktop% : C:\Users\agiraud\Desktop\ ~ %Favorites% : C:\Users\agiraud\Favorites\ ~ %LocalAppData% : 
C:\Users\agiraud\AppData\Local\ ~ %StartMenu% : C:\Users\agiraud\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeration of the disk units C: Hard drive, Flash drive, Thumb drive (Free 101 Go of 466 Go) D: CD-ROM drive (Not Inserted) ---\\ State of the Windows Security Center [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified ~ Security Center: 49 Legitimates Filtered in 00mn AMs ---\\ Search Generic System Files [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 7:19:30 AM.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 2:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.11/6/2014 - 3:17:24 AM.) -- C:\Windows\System32\wininet.dll [2365440] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.11/21/2010 - 4:24:29 AM.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/21/2010 - 4:24:16 AM.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.BDF76C3CE993FFB6214287272708364F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.5/30/2014 - 7:41:14 AM.) -- C:\Windows\system32\Drivers\AFD.sys [496640] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) 
(.7/14/2009 - 12:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/21/2010 - 4:23:47 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.A61E76AA38582730CEFA51B78B3184B2] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/18/2012 - 6:54:08 PM.) -- C:\Windows\system32\Drivers\DfsC.sys [102912] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/21/2010 - 4:23:47 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 12:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 1:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.631EC673CD9115AA5A3570E7C092A410] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/18/2012 - 6:55:24 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/21/2010 - 4:23:51 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.6082957F35B3DDE9A738EA9F74BE5448] - (.Microsoft Corporation - NT File System Driver.) (.10/18/2012 - 11:00:19 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1687896] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 1:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/21/2010 - 4:24:33 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/21/2010 - 4:25:07 AM.) 
-- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 1:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/21/2010 - 4:24:32 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.DF83AA1C4278E2C0E36C0479C1555A9C] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.10/18/2012 - 11:00:26 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [296808] ~ Generic Processes: Scanned in 00mn AMs ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/2297 ~ Mes musiques (My Musics) : 3/7 ~ Mes Videos (My Videos) : 1/48 ~ Mes Favoris (My Favorites) : 1/131 ~ Mes Documents (My Documents) : 2/112514 ~ Mon Bureau (My Desktop) : 1/32 ~ Menu demarrer (Programs) : 1/45 ~ Hidden Files: Scanned in 11mn AMs ---\\ Process running [MD5.C3A05B3CC17A3DCBCB5D2998CF025D49] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.6468] [MD5.449175DFA4D6FBB3E7F177D080A0A0A4] - (.Hewlett-Packard Company - UpdateAgent.exe.) -- C:\Trilogy\lib\UpdateAgent.exe [188416] [PID.6784] [MD5.325E48C07245F0A92CCB85E1F10EE1B7] - (.WinZip Computing, S.L. - WinZip Executable.) -- C:\Program Files\WinZip\WZQKPICK32.exe [603536] [PID.4660] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.6420] [MD5.06E05EFC9A32CD0C0FF49D07810E514C] - (.Mega Limited - MEGAsync.) -- C:\Users\agiraud\AppData\Local\MEGAsync\MEGAsync.exe [3968968] [PID.1532] [MD5.799D3B219B84CA5AB76CB13619389A73] - (.No owner - HTC UPCT Loader.) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264] [PID.5920] [MD5.8F03DEFBB1DB93233EF926474C9E48A5] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) 
-- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.1996] [MD5.4BC71D17649DB84C9055F2A38CF7611A] - (.McAfee, Inc. - Common User Interface.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [337440] [PID.2460] [MD5.E8820EB17049CE19641015FADBBAB4B8] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856] [PID.6460] [MD5.55F0E43BCF9D39C80A6B3A7639DA3032] - (.McAfee, Inc. - McTray Application.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe [90656] [PID.4468] [MD5.A72FB8DCD04639175AC4C59847BE8DA2] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952] [PID.1732] [MD5.90F603B5F15A09B56817F69A2BF36585] - (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312] [PID.5000] [MD5.E1FE94012A47B0C7740EB3342FA74A31] - (.HEWLETT-PACKARD Company - myITSuport Icon.) -- C:\Program Files (x86)\Hewlett-Packard\myITsupport\myITSupport.exe [538624] [PID.4004] [MD5.A90A7AC60ADB5E86FE41897F39D7DDF7] - (.Hewlett-Packard Company - HP.E3T.ExtClient.Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\E3T+\HP.E3T.ExtClient.Assistant.exe [90624] [PID.2864] [MD5.A5C5D31F1C1DD3A56C64DCADFD70BE20] - (.Microsoft Corporation - Microsoft Lync 2010 MAPI COM Server.) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe [648344] [PID.7504] [MD5.4E4715D44E179ADCFA2F152C6C038EE3] - (.Hewlett-Packard Company - Intelligent Desktop Assistant (IDA).) -- C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe [372736] [PID.8760] [MD5.36068BFE22BF029401D56560FD0976F1] - (.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.exe [1692840] [PID.7492] [MD5.6C96B7D32DC5D84A4EFACA63A259CAB6] - (.Hewlett Packard - COEMsgDisplay Utility.) 
-- C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624] [PID.2040] [MD5.6F442AB16C346018AC5A67727A3633E5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592] [PID.3484] [MD5.227DDACAED40A5024726A6A39894B6E6] - (.Juniper Networks, Inc. - Junos Pulse User Interface.) -- C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432] [PID.6404] [MD5.397A94612805A00F2A0730CBBD4B86DF] - (.Hewlett-Packard Company - Client Automation Application Self-Service.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\RadUIShell.exe [43056] [PID.10524] [MD5.B5A9E5F78ABD430C6FBA618A1C51B91F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8162304] [PID.8052] [MD5.A3871BEBF0E061EFBD2E4DBA00CC5AD2] - (.Hewlett-Packard - radskman.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\RADSKMAN.exe [370736] [PID.5880] [MD5.09F52E852C97496ACB1273CE7E231261] - (.Hewlett-Packard - radpinit.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\RADPINIT.exe [423984] [PID.4388] [MD5.C9B83F3ABDC2711E80F957B01C11B4F8] - (.Hewlett-Packard - radconct.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\RADCONCT.exe [768048] [PID.5440] [MD5.7573B690E57D89383F573EAC38B857DC] - (.Hewlett-Packard - radstgrq.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radstgrq.exe [440368] [PID.5988] [MD5.4BF3CECDCEF1042C49E145DFEB10E3F1] - (.Juniper Networks, Inc. - Juniper Access Service.) -- c:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [158040] [PID.1480] [MD5.D0A36C5B602C522EEAFD92D9CF4ED016] - (.Cisco Systems, Inc. - VPN Agent Service.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [602872] [PID.1524] [MD5.365385DFDC87F0D29EB44F7DE1656A14] - (.McAfee, Inc. - McAfee Endpoint Encryption Client Manager.) 
-- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [380988] [PID.2328] [MD5.530772AAD100461044E8B3B304AB7A5D] - (.Autonomy Corporation plc - Agent Service Module.) -- C:\Program Files (x86)\PC Backup\AgentService.exe [6775632] [PID.2448] [MD5.98C413E1A2FB6E5A4C101C25B3D0B275] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1529856] [PID.2544] [MD5.C16FF42AA41FF044527B6EB44E83DCDD] - (.Microsoft Corporation - DirectAccess Connectivity Assistant.) -- C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000] [PID.2588] [MD5.DFAF3433067C6D74FC24D349490C306A] - (.McAfee, Inc. - HIP lpc interface with MA 4.5+.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832] [PID.2892] [MD5.D17F9E527F01770BD04A9223BC40EC22] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [227384] [PID.2932] [MD5.7D10E0F2F603A3CE65F0B9750F7ABDB2] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360] [PID.2976] [MD5.7550D101BF49FDB1F92666A233EE36C4] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2120] [MD5.EDEF631EF2E0C8D7A208C383816C055C] - (.McAfee, Inc. - Framework Service.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520] [PID.1992] [MD5.E273B126962C4EF7D5D1223ACF283F9A] - (.McAfee, Inc. - Task Manager.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416] [PID.1636] [MD5.CF79283001215DD08E02F3F0870DA752] - (.McAfee, Inc. - VSCore Announcer.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe [37960] [PID.2400] [MD5.39B9DCD7040654C2E57D7396736C718E] - (.No owner - PassThruSvr Application.) 
-- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576] [PID.3280] [MD5.4A8CC4D25525F456069887D5E8C53225] - (.Portrait Displays, Inc. - pdisrvc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [113264] [PID.3316] [MD5.FD54B46457956A0CCE2134A420B1DFDA] - (.Hewlett-Packard - radexecd.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160] [PID.3700] [MD5.3709F56EF5F62E54F7F193726B682862] - (.Hewlett-Packard - radsched.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856] [PID.3732] [MD5.B07B66BA22AEB2A70919B3938E231405] - (.Hewlett-Packard - radstgms.) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928] [PID.3760] [MD5.2FE9CCA70947F9E0F00FBD0189A3615C] - (.McAfee, Inc. - NAI Product Manager.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe [338976] [PID.3892] [MD5.D9B422F37FCAF61BD80E12CC03E84816] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437328] [PID.3984] [MD5.2562943B90AFA9829097FB4274276D1D] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744] [PID.3860] [MD5.5DC2DA538FF0806950B73F798A2444ED] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [358480] [PID.4208] [MD5.0955C23C041451FB4E7099D6B2CF1C06] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [988216] [PID.4976] [MD5.117FF657E0D9BBD61B5C3E71E63D3919] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.7796] [MD5.97F9EAAC985A663394CD8F54DCD3E73A] - (.Intel Corporation - Local Manageability Service.) 
-- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [326168] [PID.7896] [MD5.A69CD6BDB82872999D2E46F9324ADA83] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.9004] [MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.6676] ~ Processes Running: Scanned in 02mn AMs ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\agiraud\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Google Chrome Extension Folder ~ Google Lines Browser: 0 Legitimates Filtered in 02mn AMs ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) M0 - MFSP: prefs.js [agiraud - jvexvpj8.default] http://athp.hp.com ~ Firefox Browser: 12 Legitimates Filtered in 00mn AMs ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 ~ IE Browser: 20 Legitimates Filtered in 00mn AMs ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://autocache.hp.com R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 ~ 
Proxy management: Scanned in 00mn AMs ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn AMs ---\\ Hosts file redirection (O1) O1 - Hosts: 15.195.180.20 germany.remoteaccess.hp.com ~ Nombre lignes détournées 1/24 (Hosts file redirected) ~ Hosts File: Scanned in 00mn AMs ---\\ Internet Explorer toolbars (O3) O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key ~ Toolbar: Scanned in 00mn AMs ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [acevents] . (.ActivIdentity - ActivIdentity Event Service.) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe O4 - HKLM\..\Run: [accrdsub] . (.ActivIdentity - ActivIdentity card event handler.) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe O4 - HKLM\..\Run: [PasswordRegistration] . (.Microsoft Corporation - Password Management User Registration.) -- C:\Windows\system32\MsPwdRegistration.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe O4 - HKLM\..\Run: [FileOpenBroker] . (.FileOpen Systems Inc. - FileOpen Broker.) -- C:\Program Files\FileOpen\Services\FileOpenBroker64.exe O4 - HKLM\..\Run: [HPRAService] . (.Hewlett-Packard Company - HPRAService Application.) 
-- C:\Program Files\RA2HP\HPRAService.exe O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] . (.McAfee, Inc. - McAfee HIP Tray Application.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe O4 - HKLM\..\Wow6432Node\Run: [HTC Sync Loader] . (.No owner - HTC UPCT Loader.) -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe O4 - HKLM\..\Wow6432Node\Run: [Communicator] . (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc O4 - HKLM\..\Wow6432Node\Run: [CitrixReceiver] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk (.not file.) O4 - HKLM\..\Wow6432Node\Run: [Redirector] . (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe O4 - HKLM\..\Wow6432Node\Run: [agrsmdel.exe] C:\Users\agiraud\AppData\Roaming\4059116-NN\agrsmdel.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [update] C:\Users\agiraud\AppData\Roaming\Microsoft\Windows\gupdater.exe (.not file.) O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) 
-- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation O4 - HKLM\..\Wow6432Node\Run: [myITSupport] . (.HEWLETT-PACKARD Company - myITSuport Icon.) -- C:\Program Files (x86)\Hewlett-Packard\myITsupport\myITSupport.exe O4 - HKLM\..\Wow6432Node\Run: [McAfeeUpdaterUI] . (.McAfee, Inc. - Common User Interface.) -- C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe O4 - HKLM\..\Wow6432Node\Run: [AutoStartup] . (.Hewlett-Packard Company - HP.E3T.ExtClient.Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\E3T+\HP.E3T.ExtClient.Assistant.exe O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe O4 - HKLM\..\policies\Explorer\Run: [x86kernel2] erperperperperperperperperperperperperperperperperperperperperperperperperperperperperperperperperpe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1957994488-842925246-40105171-194281\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe ~ Application: Scanned in 00mn AMs ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) 
-- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico ~ IE Extra Buttons: Scanned in 00mn AMs ---\\ Site in Trusted Zone (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.ar O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.br O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.co O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.mx O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.sg O15 - Trusted Zone: [HKCU\...\Domains] http.compaq.com.ve O15 - Trusted Zone: [HKCU\...\Domains] http.cpqcorp.net O15 - Trusted Zone: [HKCU\...\Domains] http.dcu.org O15 - Trusted Zone: [HKCU\...\Domains] *.eds.com O15 - Trusted Zone: [HKCU\...\Domains] http.hp.com O15 - Trusted Zone: [HKCU\...\Domains] http.hpqcorp.net ~ IE Zone Confiance: Scanned in 00mn AMs ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} ((no name)) - https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab ~ Objets ActiveX: Scanned in 00mn AMs ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{826FF4B9-2C71-4A91-B8B5-AC4AD1ADF88A}: NameServer = 16.110.135.51,16.110.135.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{2847BB64-A96E-4605-833D-8E77F26492A7}: DhcpNameServer = 10.16.0.101 10.16.1.101 O17 - HKLM\System\CCS\Services\Tcpip\..\{82076052-15BD-459A-B0BA-43506529E9E3}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{E537E6C0-B92A-4A5E-8551-79192F72240F}: 
  6. Hello Apollo, I had indeed run a recent AdwCleaner but had not seen where the result file was. The Security Center starts. The rest of the reports are below. MBAM finds no threats and does not restart the PC.

# AdwCleaner v4.109 - Report created 28/01/2015 at 19:22:13
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : agiraud - AGIRAUD2
# Running from : C:\Users\agiraud\Desktop\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v29.0.1 (en-US)

-\\ Google Chrome v40.0.2214.93

*************************

AdwCleaner[R0].txt - [655 octets] - [28/01/2015 19:22:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [714 octets] ##########

SFTGC.tst http://cjoint.com/?EADwvNqh5N9

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/29/2015
Scan Time: 9:19:12 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: agiraud

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420341
Time Elapsed: 32 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  7. Hello, the PC restarts. There were 2 missing DLL errors but I could not note them, pop-ups just before the logon. I stopped Windows Update; we have a parallel Windows update through pre-built packages. Security Center still seems to be stopped.
  8. Hello Apollo, I ran the tools in order. I also saw the precautions and I do my best not to install toolbars etc.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Enterprise x64
Ran by agiraud on Wed 01/28/2015 at 19:13:59.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\agiraud\AppData\Roaming\mozilla\firefox\profiles\jvexvpj8.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/28/2015 at 19:18:17.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Rapport créé le 05/08/2013 à 19:08:01
# Mis à jour le 19/07/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium (64 bits)
# Nom d'utilisateur : Yséyes - ELEXISE
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Yséyes\Downloads\adwcleaner.exe
# Option [suppression]

***** [services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\AskTBar
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Program Files (x86)\uTorrentBar_FR
Dossier Supprimé : C:\Users\Yséyes\AppData\Local\Conduit
Dossier Supprimé : C:\Users\Yséyes\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Yséyes\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Yséyes\AppData\LocalLow\uTorrentBar_FR
Dossier Supprimé : C:\Users\Yséyes\AppData\Roaming\OfferBox
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\Software\uTorrentBar_FR
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\FissaSearch
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2851639
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
Clé Supprimée : HKLM\Software\Offerbox
Clé Supprimée : HKLM\Software\uTorrentBar_FR
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81549CDC-BD54-4743-AEF1-B6DDD7599DE3}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3A24E03-CE65-429F-8B56-E99F263CE8F7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Opera v12.16.1860.0

Fichier : C:\Users\Yséyes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [5492 octets] - [05/08/2013 19:05:50]
AdwCleaner[s1].txt - [5483 octets] - [05/08/2013 19:08:01]

########## EOF - C:\AdwCleaner[s1].txt - [5543 octets] ##########

Rapport de Contrôle restrictions Pierre13 (CTR version 2.0.0.2 ) du 28\01\2015 à 19:58:16
PC de agiraud
Windows 7 Enterprise Service Pack 1 (64 bits)

Réparation erreur 2203 effectuée.

Contrôle présence restrictions

[TROJ_POWELIKS.B] clé feature_browser_emulation supprimée.
[bKDR_BLACKEN.A] clé Check_Associations supprimée.
[bKDR_BLACKEN.A] clé DisableFirstRunCustomize supprimée.
[bKDR_BLACKEN.A] clé WarnOnClose corrigée.
Autorisation installation sponsor Java(x86) supprimée.
Autorisation installation sponsor Java(x64) supprimée.
Restriction Affichage Documents récents supprimée.
Restriction Affichage Documents supprimée.
Restriction synchronisation en arrière-plan des flux d'informations et des Web Slices supprimée.
Restriction découverte des flux RSS et des Web Slices supprimée.
Restriction barre de menus Internet Explorer supprimée.
Clé registre de restrictions générale supprimée.
Pavé numérique activé.
Restriction sur l'inventaire des programmes supprimée.
Restriction utilisateur pour Windows Installer supprimée.
Restriction Impression via HTTP supprimée.
Restriction changement rapide utilisateur supprimée.
Restriction Protéger les écrans de veille à l'aide d'un mot de passe supprimée.
Configuration Windows Update rétablie.
Recherche Windows Update rétablie.
Service Pare feu Windows activé.

233 restrictions contrôlées.
21 restriction(s) réparée(s).

Re démarrer le PC pour prendre en compte la ou les réparations.
Le rapport est sur le bureau (C:\Users\agiraud\Desktop\CTR.txt)
  9. Hello Appolo, here is the report http://cjoint.com/?3ACaewfUUN9 Regards, Moebuis
  10. Hello Appolo, thank you for your time. I am late with my reply... here is the zhpdiag report http://cjoint.com/?EABuXjEOIFH Moebuis
  11. Hello, Happy New Year 2015. My PC tells me that the Windows Security Center is stopped. When I restart the service, an error message says that the service could not be restarted. I ran MBAM some time ago and it removed a virus, but at the time I did not have the time to look into it further. My PC runs Windows 7. It is an Intel laptop. What can I do? Regards, Moebuis
  12. Thank you very much, that's perfect. I did indeed go and get one of the tools from a site of the 01net type because the link provided did not work. But I no longer remember which tool.
  13. Hello, here is the zhpfix report
Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013
Fichier d'export Registre :
Run by Yséyes at 06/08/2013 20:55:56
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Corbeille vidée

========== Logiciel(s) ==========
SUPPRIME Ask Toolbar

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\Yséyes\AppData\Roaming\Uninstal.exe

========== Clé(s) du Registre ==========
SUPPRIME [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AskTBar Uninstall]
SUPPRIME Key: HKLM\Software\Wow6432Node\AskTBar
SUPPRIME Key: SearchScopes :{4CBB2EF1-B6F4-4E72-A437-F453E5C4EF72}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AskTBar Uninstall
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fe063dbb-4ec0-403e-8dd8-394c54984b2c}

========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (None) : {FEAD7D0A-E2BF-4DC0-92A2-3BB18AC6C956}

========== Dossier(s) ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichier(s) ==========
SUPPRIME File: c:\users\yséyes\appdata\roaming\uninstal.exe
ABSENT File: c:\users\yséyes\desktop\mybookworld (192.168.1..lnk
SUPPRIME Temporaires Windows

========== Restauration Système ==========
Point de restauration du système créé avec succès

========== Récapitulatif ==========
1 : Processus mémoire
5 : Clé(s) du Registre
3 : Valeur(s) du Registre
1 : Dossier(s)
3 : Fichier(s)
1 : Logiciel(s)
1 : Restauration Système

End of clean in 00mn 27s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 06/08/2013 20:55:57 [1748]
  14. Hello, by mistake I did not attach the MBAM destruction/removal file that I made yesterday. MBAM destruction © CJoint.com, 2012 The MBAM/search file done now, where I no longer see any virus: MBAM search © CJoint.com, 2012 ZHPdiag © CJoint.com, 2012 And there you go.