PC controlled remotely

by Cedric339 on 27 Nov 2017 21:31

Hello,

So, I got hacked and someone took control of my PC remotely.

I installed Malwarebytes and then ran a cleanup.
I then ran a ZHP diagnostic, and here is the result:
Code:
~ Rapport de ZHPDiag v2014.4.24.43 - Nicolas Coolman  (24/04/2014)
~ Lancé par admin (27/11/2017 21:24:59)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17609
GCIE: Google Chrome v62.0.3202.94

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 9P63G
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.11.523.1
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 27 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8120 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 31 GB (3%) free of 931 GB

---\\ Mode de connexion au système
~ Computer Name: PC
~ User Name: admin
~ All Users Names: HomeGroupUser$, Administrateur, admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\admin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\admin\AppData\Roaming\
~ %Desktop% : C:\Users\admin\Desktop\
~ %Favorites% : C:\Users\admin\Favorites\
~ %LocalAppData% : C:\Users\admin\AppData\Local\
~ %StartMenu% : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - (.Microsoft Corporation - Explorateur Windows.) (.29/08/2016 - 16:04:37.) -- C:\Windows\Explorer.exe [3229696]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F34A9FB73E8EF1CC099BCAA5D1E3B716] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/12/2015 - 15:36:42.) -- C:\Windows\System32\wininet.dll [2238976]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/04/2017 - 15:53:18.) -- C:\Windows\system32\Drivers\AFD.sys [496128]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9B38580063D281A99E68EF5813022A5F] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.08/09/2016 - 15:55:13.) -- C:\Windows\system32\Drivers\DfsC.sys [106496]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.767C6DF04C5758B9F0790D400541B44F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/09/2017 - 15:53:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [159744]
[MD5.734837208CAFD6E0959A7A0333C95C9D] - (.Microsoft Corporation - MBT Transport driver.) (.11/08/2017 - 07:00:01.) -- C:\Windows\system32\Drivers\netBT.sys [262656]
[MD5.1065D9AFE491706EB00AD3CBB76C9E54] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.17/10/2017 - 00:07:21.) -- C:\Windows\system32\Drivers\ntfs.sys [1680616]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - (.Microsoft Corporation - TDI Translation Driver.) (.29/07/2017 - 15:56:30.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 6/12
~ Mes Videos (My Videos) : 2/7
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/10504
~ Mon Bureau (My Desktop) : 2/7504
~ Menu demarrer (Programs) : 1/49
~ Hidden Files:  Scanned in 00mn 22s



---\\ Processus lancés
[MD5.B7EFCDAC37FDD07C379F2F66E46CCFEA] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe   [462784] [PID.1772]
[MD5.A398FACC30544E0412FA853584D72446] - (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe   [57477112] [PID.3968]
[MD5.7EE61FA64639248E67C134BA05EC7373] - (.NVIDIA Corporation - NVIDIA Share.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe   [1540544] [PID.4116]
[MD5.2FB0002B41A368A6A4837F41A2BA0491] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe   [777840] [PID.4264]
[MD5.63DA8D81C46AE1C08DB45AD81E2AD541] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe   [5545448] [PID.4380]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe   [292848] [PID.4504]
[MD5.34D296AFC913E302953C70463EF09A48] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe   [96056] [PID.4652]
[MD5.A46AA8E9170EDA094F319EF2BF0176A5] - (.Node.js - NVIDIA Web Helper Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe   [15554496] [PID.5624]
[MD5.80372D68706078E41AEC519F4EA48B5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7867904] [PID.4624]
[MD5.38622FFE9369D3EC01C0097235BD9279] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [83984] [PID.1452]
[MD5.A7EDADFB0AE38AE6F0488F0F2448D8B5] - (.MICRO-STAR INTERNATIONAL CO., LTD. - MSI_Trigger_Service.) -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe   [30240] [PID.1712]
[MD5.C8480E5ECBDA858EFB07F9727486CFA1] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe   [449984] [PID.2148]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe   [169432] [PID.5208]
[MD5.08E2B577DB95156F9A658C988EE71F5D] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [390616] [PID.3840]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 16179



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: True Key - [HKLM]{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} . (.Intel Security - True Key Internet Explorer Extension.) -- C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.)  -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.)  -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard File Switcher.)  -- C:\Program Files (x86)\Battle.net\Battle.net.exe
O4 - GS\Desktop [Public]: FileZilla Client.lnk . (.FileZilla Project - FileZilla FTP Client.)  -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.)  -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA Corporation - NVIDIA GeForce Experience.)  -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files\McAfee Security Scan\3.11.523\McUICnt.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.)  -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: True Key.lnk . (...)  -- C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe (.not file.)
O4 - GS\Program [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.)  -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico 
O4 - GS\Program [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.)  -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico 
O4 - GS\Program [Public]: Epic Games Launcher.lnk . (.Epic Games, Inc. - EpicGamesLauncher.)  -- C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
O4 - GS\Program [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: Sublime Text 3.lnk . (...)  -- C:\Program Files\Sublime Text 3\sublime_text.exe
O4 - GS\Program [Public]: True Key.lnk . (...)  -- C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe (.not file.)
O4 - GS\QuickLaunch [admin]: CodeBlocks.lnk . (.Code::Blocks Team - Cross-platform IDE built around wxWidgets,.)  -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\QuickLaunch [admin]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [admin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [admin]: Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [admin]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.)  -- C:\Users\admin\Desktop\Tor Browser\Browser\firefox.exe
O4 - GS\SystemTools [admin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [admin]: Discord.lnk . (.GitHub - Update.)  -- C:\Users\admin\AppData\Local\Discord\Update.exe
O4 - GS\Desktop [admin]: Divers - Raccourci.lnk . (...)  -- C:\Users\Divers
O4 - GS\Desktop [admin]: DTLite - Raccourci.lnk . (.Disc Soft Ltd - DAEMON Tools Lite.)  -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - GS\Desktop [admin]: Film.lnk . (...)  -- C:\Users\Film
O4 - GS\Desktop [admin]: firefox - Raccourci.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [admin]: mumble - Raccourci.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.)  -- C:\Program Files (x86)\Mumble\mumble.exe
O4 - GS\Desktop [admin]: obs64 - Raccourci.lnk . (...)  -- C:\Users\admin\Desktop\Desktop\OBS-Studio-18.0.1-Full\bin\64bit\obs64.exe
O4 - GS\Desktop [admin]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.)  -- C:\Users\admin\Desktop\Tor Browser\Browser\firefox.exe
O4 - GS\Desktop [admin]: Sublime Text 3.lnk . (...)  -- C:\Program Files (x86)\Sublime Text 3\sublime_text.exe (.not file.)
O4 - GS\Desktop [admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 85 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: ISCTSystray.lnk . (...)  -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (.not file.)
O4 - GS\Startup [admin]: Alertes de surveillance de l'encre - HP Deskjet 1510 series.lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.)  -- C:\Program Files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll   =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe   =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Discord] . (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKCU\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKCU\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Discord] . (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: HP Smart Print [64Bits] - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrint.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Installer TrueKey (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (.not file.)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.Pas de propriétaire - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
~ Services: 14 Legitimates Filtered in 00mn 01s



---\\ Tâches planifiées en automatique (O39)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd"    [198]
[MD5.00000000000000000000000000000000] [APT] [{1930847B-8C76-4525-9993-DF6B39E1E8B6}] (...) -- C:\Users\admin\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.)   [0]  =>PUP.StartSearch
[MD5.00000000000000000000000000000000] [APT] [{3B5B6D31-CDA0-4231-AE08-41D19A660669}] (...) -- C:\Users\admin\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{9FEB2860-8828-4E89-A82B-0DDC5E57A934}] (...) -- C:\Users\admin\Downloads\LoLRADS_EUW\lol.launcher.admin.exe (.not file.)   [0]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{B49E5B76-D8C4-4237-ACCA-3284F27ECC77}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe   [97856]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver:  (ESProtectionDriver) . (...) - C:\Windows\system32\drivers\mbae64.sys
~ Drivers: 70 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ASTRONEER - (.System Era Softworks.) [HKLM][64Bits] -- Steam App 361420
O42 - Logiciel: Banished - (.Shining Rock Software LLC.) [HKLM][64Bits] -- Steam App 242920
O42 - Logiciel: Blackwake - (.Mastfire Studios Pty Ltd.) [HKLM][64Bits] -- Steam App 420290
O42 - Logiciel: Discord - (.Discord Inc..) [HKCU][64Bits] -- Discord
O42 - Logiciel: Expeditions: Viking - (.Logic Artists.) [HKLM][64Bits] -- Steam App 445190
O42 - Logiciel: Foxhole - (.Clapfoot.) [HKLM][64Bits] -- Steam App 505460
O42 - Logiciel: Friday the 13th: The Game - (.IllFonic.) [HKLM][64Bits] -- Steam App 438740
O42 - Logiciel: Mushroom Wars 2 - (.Zillion Whales.) [HKLM][64Bits] -- Steam App 457730
O42 - Logiciel: PLAYERUNKNOWN'S BATTLEGROUNDS - (.Bluehole, Inc..) [HKLM][64Bits] -- Steam App 578080
O42 - Logiciel: Patch Jpogland v3 premium - (.Jpogland.) [HKLM][64Bits] -- {20066218-72F3-4E21-8FB2-6E042F205FB0}_is1
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
O42 - Logiciel: Rolistik 1.1 - (.Romain CAMPIONI.) [HKLM][64Bits] -- Rolistik_is1
O42 - Logiciel: Sauro et Ultra - (...) [HKLM][64Bits] -- Sauro et Ultra
O42 - Logiciel: Vulkan Run Time Libraries 1.0.3.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.3.0
O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.1 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.42.1
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DefaultCompany]
[HKCU\Software\Dire Wolf Digital]
[HKCU\Software\Home Net Games]
[HKCU\Software\JutsuGames]
[HKCU\Software\Kitfox Games]
[HKCU\Software\Kromtech]
[HKCU\Software\LionsShade]
[HKCU\Software\Logic Artists]
[HKCU\Software\Ludeon Studios]
[HKCU\Software\Madruga Works]
[HKCU\Software\Mastfire Studios]
[HKCU\Software\MuHa Games]
[HKCU\Software\Pando Networks]
[HKCU\Software\ProtectedStorage]
[HKCU\Software\Robot Gentleman]
[HKCU\Software\SKS]
[HKCU\Software\Sandbox Interactive GmbH]
[HKCU\Software\SandboxInteractive]
[HKCU\Software\TrueKey]
[HKCU\Software\U-Play online]
[HKCU\Software\Zillion Whales]
[HKCU\Software\canortic]
[HKCU\Software\inXile]
[HKLM\Software\BigNox]
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\BigNox]
[HKLM\Software\Wow6432Node\EpicGames]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Sandbox Interactive GmbH]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\TrueKey]
[HKLM\Software\Wow6432Node\inXile]
~ Key Software: 475 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2015 - 16:42:17 - [] ----D C:\Program Files (x86)\Free Codec Pack
O43 - CFD: 22/04/2014 - 12:58:43 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/04/2017 - 21:24:54 - [] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 22/08/2015 - 23:08:00 - [] ----D C:\Program Files (x86)\Rolistik
O43 - CFD: 21/06/2015 - 19:00:33 - [] ----D C:\Program Files (x86)\Universal Interactive
O43 - CFD: 27/05/2017 - 18:13:14 - [] ----D C:\Program Files (x86)\VulkanRT
O43 - CFD: 14/04/2017 - 21:43:16 - [0] ----D C:\Program Files (x86)\Common Files\AV
O43 - CFD: 16/07/2015 - 19:23:42 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 22/04/2014 - 13:00:43 - [] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 12/06/2016 - 20:24:57 - [] ----D C:\ProgramData\Epic
O43 - CFD: 06/04/2017 - 08:31:18 - [] ----D C:\ProgramData\SquirrelMachineInstalls
O43 - CFD: 14/09/2016 - 21:45:00 - [] ----D C:\ProgramData\TrueKey
O43 - CFD: 19/11/2014 - 18:35:30 - [] ----D C:\Users\admin\AppData\Roaming\11bitstudios
O43 - CFD: 05/03/2017 - 22:46:44 - [] ----D C:\Users\admin\AppData\Roaming\7DaysToDie
O43 - CFD: 19/03/2017 - 17:34:13 - [0] ----D C:\Users\admin\AppData\Roaming\Albion
O43 - CFD: 21/03/2017 - 22:14:00 - [] ----D C:\Users\admin\AppData\Roaming\AlbionOnline
O43 - CFD: 06/04/2016 - 19:28:40 - [] ----D C:\Users\admin\AppData\Roaming\cef-cache
O43 - CFD: 06/04/2016 - 21:29:05 - [] ----D C:\Users\admin\AppData\Roaming\cef3-cache
O43 - CFD: 09/08/2017 - 20:33:01 - [] ----D C:\Users\admin\AppData\Roaming\discord
O43 - CFD: 27/11/2017 - 21:11:44 - [0] ----D C:\Users\admin\AppData\Roaming\Google Player html5
O43 - CFD: 12/08/2016 - 20:33:02 - [] ----D C:\Users\admin\AppData\Roaming\HelloGames
O43 - CFD: 27/11/2017 - 21:11:44 - [] ----D C:\Users\admin\AppData\Roaming\Imminent
O43 - CFD: 16/08/2014 - 14:14:15 - [0] ----D C:\Users\admin\AppData\Roaming\Mediatronic
O43 - CFD: 14/10/2017 - 14:25:16 - [] ----D C:\Users\admin\AppData\Roaming\obs-studio
O43 - CFD: 06/04/2016 - 19:28:34 - [] ----D C:\Users\admin\AppData\Roaming\PartyFrance
O43 - CFD: 06/05/2014 - 01:08:09 - [] ----D C:\Users\admin\AppData\Roaming\wam
O43 - CFD: 07/06/2015 - 12:23:03 - [] ----D C:\Users\admin\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 22/07/2015 - 08:34:34 - [] ----D C:\Users\admin\AppData\Local\CEF
O43 - CFD: 20/10/2014 - 19:28:02 - [] ----D C:\Users\admin\AppData\Local\DayZ
O43 - CFD: 09/08/2017 - 00:32:14 - [] ----D C:\Users\admin\AppData\Local\Discord
O43 - CFD: 06/08/2017 - 00:17:16 - [] ----D C:\Users\admin\AppData\Local\Foxhole
O43 - CFD: 19/04/2017 - 15:08:54 - [] ----D C:\Users\admin\AppData\Local\Frontier_Developments
O43 - CFD: 22/07/2015 - 09:11:08 - [] ----D C:\Users\admin\AppData\Local\GWX
O43 - CFD: 05/03/2016 - 01:00:45 - [] ----D C:\Users\admin\AppData\Local\kt
O43 - CFD: 21/09/2016 - 05:42:04 - [] ----D C:\Users\admin\AppData\Local\Nox
O43 - CFD: 14/04/2017 - 21:24:47 - [] ----D C:\Users\admin\AppData\Local\PokerStars.FR
O43 - CFD: 19/03/2017 - 16:29:02 - [] ----D C:\Users\admin\AppData\Local\Sandbox Interactive GmbH
O43 - CFD: 06/04/2017 - 20:49:48 - [] ----D C:\Users\admin\AppData\Local\SquirrelTemp
O43 - CFD: 26/05/2017 - 17:57:58 - [] ----D C:\Users\admin\AppData\Local\SummerCamp
O43 - CFD: 28/01/2017 - 13:43:08 - [] ----D C:\Users\admin\AppData\Local\tkdata
O43 - CFD: 30/03/2017 - 21:18:05 - [] ----D C:\Users\admin\AppData\Local\TslGame
O43 - CFD: 19/03/2017 - 16:26:41 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
O43 - CFD: 09/08/2017 - 00:32:29 - [0] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
O43 - CFD: 06/04/2017 - 20:49:45 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
O43 - CFD: 21/06/2015 - 20:27:18 - [0] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sauro et Ultra
O43 - CFD: 21/06/2015 - 19:01:01 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Interactive
~ Program Folder: 311 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7D0520A12B31E6858B3BB7E675AFA34E] - 27/11/2017 - 21:02:41 ---A- . (...) -- C:\Windows\System32\Drivers\mbae64.sys   [77432]
~ Files: 81 Legitimates Filtered in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
~ LSA: 11 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2fbadafd-cc7d-11e3-bf79-448a5b26c9e6}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
O51 - MPSK:{5a5b624e-cc82-11e3-80b3-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Discord  [Key] . (.Hammer & Chisel, Inc. - Discord - https://discordapp.com/.) -- C:\ProgramData\SquirrelMachineInstalls\Discord.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (.Pas de propriétaire - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys   [21408]
O58 - SDL:01/08/2013 - 16:01:34 ---A- . (.Pas de propriétaire - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys   [21920]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\INETMON.sys   [29088]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (.Pas de propriétaire - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys   [46568]
O58 - SDL:01/11/2017 - 08:54:56 ---A- . (...) -- C:\Windows\System32\Drivers\mbae64.sys   [77432]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 01/08/2013 - C:\Windows\system32\Drivers\INETMON.sys (INETMON) .(...) - LEGACY_INETMON
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{67B76DBC-EAD0-4765-9745-FACE0DE0321C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{E4AEF2D8-934C-43F3-A66B-54CE5F764B87}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E82D3ACB5440AD573BA89AB4E8403427] [WIS][21/02/2003] (.Universal Interactive - Jurassic Park Operation Genesis.) -- C:\Windows\Installer\23fed463.msi   [29706752]  =>PUP.Genesis
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/11/2017 272384 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/08/2017 1465352 |  (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
SS - | Demand 12/04/2014 477960 |  (BRSptSvc) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptSvc.exe
SS - | Auto 28/08/2015 144200 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2015 144200 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 |  (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe
SS - | Demand 27/08/2013 828376 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 25/07/2013 54976 |  (intelsba) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
SS - | Auto 01/11/2017 6234056 |  (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
SS - | Demand 20/03/2017 404376 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe
SS - | Demand 20/11/2017 194000 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 19/09/2017 512960 |  (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
SS - | Auto 27/02/2017 317400 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 31/10/2017 1641248 |  (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 26/06/2017 87760 |  (TrueKeyServiceHelper) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
SS - | Demand 01/05/2014 24576 |  (wampapache64) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
SS - | Demand 01/05/2014 12942848 |  (wampmysqld64) . (...) - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
SR - | Auto 27/09/2017 83984 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/08/2013 747520 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 01/08/2013 198120 |  (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 16/09/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 26/09/2013 30240 |  (MSI_Trigger_Service) . (.MICRO-STAR INTERNATIONAL CO., LTD..) - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
SR - | Auto 19/09/2017 512960 |  (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
SR - | Auto 18/05/2017 462968 |  (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
SR - | Auto 19/09/2017 449984 |  (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
SR - | Auto 26/06/2017 1001920 |  (TrueKey) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
SR - | Auto 26/06/2017 16928 |  (TrueKeyScheduler) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McTkSchedulerService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (24/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

C:\Windows\Installer\23fed463.msi   =>PUP.Genesis^
~ Additionnel Scan: 656786 Items scanned in 03mn 05s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch  =>PUP.StartSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 1134 Legitimates filtered by white list
End of the scan (542 lines in 03mn 55s)(0)

Thanks for telling me what more I can do
Cedric339
 
Posts: 10
Joined: 25 Apr 2014 11:12

Re: PC remotely controlled

Post by PapyNet on 28 Nov 2017 10:04

Hello!

Remember to disable your antivirus for the duration of the decontamination operations (unless it is MSE or Defender).

Apply point 7 of the procedure: http://www.saamu.net/topic1545.html#p27406
that is, this:

7° Recommendations for better protection

The Hosts file: it blocks access to "dangerous" sites for ALL browsing
To install the saamu Hosts file: http://www.saamu.net/topic3112.html
To learn more about the hosts file: http://assiste.com.free.fr/p/hosts/hosts_introduction_a_hosts.html

Cleaning the Temp folders
Normally these folders should be empty when the computer is shut down. In practice they are not.
To install it, see this: http://www.saamu.net/topic3704.html


ZHPCLEANER:
It combines scanning and cleaning

Always download it

https://www.nicolascoolman.com/fr/download/zhpcleaner/

Short tutorial!: http://sospc.name/zhpcleaner-nouvelle-version-tuto-complet/




Installation creates an icon on the desktop; use it to launch ZhpCleaner

to get this window

The first thing to do is the Scan
[Image]

SCAN:
you may receive messages like this one
[Image]
If you have specified IP addresses for the DNS, be sure to answer YES! (otherwise you will no longer have access to sites)

[Image]

It reports the number of suspects! (3 in my example)


then
CLEAN


and the cleaning report is displayed in Notepad

Then post here the links to the hosted reports
following this procedure: http://www.saamu.net/topic1545.html#p18377
- the zhpcleaner cleaning report
- a new zhpdiag "blood test"
Best regards
Georges (P@py.net)
Knowledge grows when it is shared (Socrates)
PapyNet
Founder
 
Posts: 11462
Joined: 03 Apr 2008 16:41
Location: Machecoul France
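
PapyNet's point 7 relies on a hosts file that sinks unwanted names to 0.0.0.0 or 127.0.0.1, and that same file is a favourite place for an intruder to redirect or silence update and security-vendor domains (the O1 section of the ZHPDiag reports in this thread is ZHPDiag's check for exactly that). The following is an added example, not code from saamu.net, assiste.com or ZHPDiag: it audits a hosts file and separates ordinary blocklist entries from redirections and from entries touching a watchlist of domains that should never appear there. The watchlist, the sample file and the 198.51.100.23 address are constructed for the example.

```python
"""Audit a Windows hosts file.

A blocklist hosts file sends unwanted names to 0.0.0.0 or 127.0.0.1. A hijacked
hosts file points names you rely on (update servers, security vendors, or
localhost itself) at another address, or sinks them so they become unreachable.
Added example, not code from the forum, assiste.com or ZHPDiag; WATCHLIST and
SAMPLE_HOSTS are constructed.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

# Names that must stay on loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
# Domains whose presence in hosts, sunk or redirected, deserves a look.
# Illustrative, not exhaustive. A blocklist that sinks vendor telemetry will
# land here too, so review findings rather than deleting them blindly.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "windows.com",
             "malwarebytes.com", "mcafee.com", "mozilla.org",
             "nicolascoolman.com", "saamu.net")


class HostsEntry(NamedTuple):
    lineno: int
    ip: str
    host: str


def parse_hosts(text: str) -> Tuple[List[HostsEntry], List[int]]:
    """Return (entries, malformed line numbers); one entry per hostname."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *hosts = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            malformed.append(lineno)              # first field is not an address
            continue
        if not hosts:
            malformed.append(lineno)
            continue
        entries.extend(HostsEntry(lineno, ip, h.lower()) for h in hosts)
    return entries, malformed


def classify(entry: HostsEntry) -> str:
    addr = ipaddress.ip_address(entry.ip)
    sinkhole = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0, ::
    if entry.host in LOCAL_NAMES:
        return "ok" if addr.is_loopback else "hijack"   # localhost sent elsewhere
    if any(entry.host == d or entry.host.endswith("." + d) for d in WATCHLIST):
        return "hijack"                           # sunk or redirected: both bad
    return "blocked" if sinkhole else "redirect"


def audit(text: str) -> Dict[str, list]:
    """Group every entry by category; 'malformed' holds line numbers."""
    report = {"ok": [], "blocked": [], "redirect": [], "hijack": [], "malformed": []}
    entries, report["malformed"] = parse_hosts(text)
    for e in entries:
        report[classify(e)].append(e)
    return report


# Constructed sample: a small blocklist plus the kind of lines an intruder adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# blocklist section, in the style of a blocklist hosts file
0.0.0.0 ad.doubleclick.net
0.0.0.0 tracking.example
0.0.0.0 mystartsearch.com
# lines an intruder would add
198.51.100.23 www.malwarebytes.com
198.51.100.23 update.microsoft.com
0.0.0.0 download.windowsupdate.com
198.51.100.23 intranet.example
ad.badsite.example 0.0.0.0
"""

if __name__ == "__main__":
    for category, items in audit(SAMPLE_HOSTS).items():
        print(f"{category}: {len(items)}")
        if category in ("hijack", "redirect"):
            for e in items:
                print(f"  line {e.lineno}: {e.ip} -> {e.host}")
```

Run it as a script to get the counts per category and the lines to inspect. Anything in "hijack" needs a decision; "redirect" entries are not necessarily bad (a LAN name pinned to a private address is normal) but should be explainable; a long "blocked" list is what a blocklist hosts file is supposed to look like.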

Re: PC remotely controlled

Post by Malko61 on 28 Nov 2017 10:42

Hi Cedric339

Since you posted a ZHP log, it would be advisable, before carrying out PapyNet's cleaning, to deal with the contents of your log. Nevertheless, if you have already applied the fixes PapyNet recommended, your first ZHP log must no longer be taken into account, and you will have to run a new scan with ZHP to generate a new log.

Then, to analyse your ZHP log, you can use ZHPLite from the same developer. It will let you automatically generate a cleaning script to fix the few errors that remain.

 !  "PapyNet":
Please let our friend do what I advised him!
Knowledge grows when it is shared (Socrates / JC Bellamy).
Carpe Diem
Malko61
 
Posts: 8
Joined: 28 Nov 2017 09:16
Location: Normandy! (well, 400 m away...)
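
Malko61 suggests letting ZHPLite turn the report into a cleaning script. Before trusting any automatic script it helps to know which O4 lines actually matter. The following is an added example, not code from ZHPDiag, ZHPLite or this forum: it parses the O4 Run/RunOnce lines of a ZHPDiag report and scores each autorun with a few independent indicators (script target, user-writable directory, no publisher resource, random-looking value name). The indicator list and the threshold are my own choices; the sample lines are copied from the ZHPDiag report Cedric339 posts next in this thread, plus one constructed line to exercise the stale `(.not file.)` case.

```python
"""Triage of the O4 (Run / RunOnce) lines of a ZHPDiag report.

Added example for this thread; not code from ZHPDiag, ZHPLite or the
saamu.net forum. The indicators and the threshold are my own choices.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One ZHPDiag O4 registry autorun line, e.g.
#   O4 - HKCU\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
# "(...)" = no version/publisher resource in the target, "(.not file.)" = target
# no longer exists, trailing "=>..." = ZHPDiag's own classification tag.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>(?:Wow6432Node\\)?Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] \. \((?P<publisher>.*?)\) -- "
    r"(?P<path>.+?)(?P<notfile>\s+\(\.not file\.\))?(?:\s+=>.*)?\s*$"
)
# A Run value pointing at one of these is executed by a Windows interpreter
# (wscript/cscript/mshta/cmd/powershell), not by the file itself.
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
# Directories a standard user can write to (lower-case, backslash form).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\users\\public\\", "\\programdata\\", "\\windows\\temp\\")
# Value names such as EKNN3S0SI5: 8+ upper-case alphanumerics mixing letters and digits.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$")


@dataclass
class Autorun:
    key: str
    name: str
    publisher: Optional[str]
    path: str
    missing: bool                                   # target carries "(.not file.)"
    hives: List[str] = field(default_factory=list)  # every hive the value was seen in
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_autoruns(report: str) -> List[Autorun]:
    """Extract O4 Run/RunOnce entries, folding duplicate views of one key."""
    entries = {}
    for line in report.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                  # shortcut lines (O4 - GS\...) and other sections
        ident = (m["key"], m["name"].lower(), m["path"].strip().lower())
        entry = entries.get(ident)
        if entry is None:
            entry = Autorun(m["key"], m["name"], m["publisher"].strip(".") or None,
                            m["path"].strip(), m["notfile"] is not None)
            entries[ident] = entry
        # ZHPDiag lists the logged-on user's hive twice, as HKCU and again as
        # HKUS\S-1-5-21-...-1000: keep one entry and remember both views.
        entry.hives.append(m["hive"])
    return list(entries.values())


def assess(entry: Autorun) -> List[str]:
    """Independent indicators for one entry (empty list: nothing odd)."""
    if entry.missing:
        return ["target file missing: stale value, remove it"]
    low = entry.path.lower()
    reasons = []
    ext = ntpath.splitext(low)[1]
    if ext in SCRIPT_EXT:
        reasons.append(f"script target ({ext}) run by a Windows interpreter")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if entry.publisher is None:
        reasons.append("no publisher/version resource in target")
    if RANDOM_NAME.match(entry.name):
        reasons.append("random-looking value name")
    return reasons


def triage(entries: List[Autorun]) -> List[Autorun]:
    """Score every entry and return them worst first."""
    for e in entries:
        e.reasons = assess(e)
    return sorted(entries, key=lambda e: e.score, reverse=True)


def suspicious(entries: List[Autorun], min_score: int = 3) -> List[Autorun]:
    """Live entries with at least min_score indicators, worst first."""
    return [e for e in triage(entries) if not e.missing and e.score >= min_score]


# First ten lines copied from the ZHPDiag report posted later in this thread;
# the last one is constructed to show a stale "(.not file.)" value.
SAMPLE = r"""
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe   =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Discord] . (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKCU\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKCU\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKCU\..\Run: [OldTool] . (...) -- C:\Users\admin\AppData\Local\Temp\oldtool.exe (.not file.)
"""

if __name__ == "__main__":
    for e in triage(parse_autoruns(SAMPLE)):
        flag = "!!" if e.score >= 3 and not e.missing else "  "
        print(f"{flag} [{e.score}] {e.key}\\{e.name} -> {e.path}  ({', '.join(e.hives)})")
        for r in e.reasons:
            print(f"        - {r}")
```

Run as a script it prints every entry worst first; entries with three or more indicators are the ones to open first. A high score is a reason to look at the file (for a .vbs, read it in Notepad before deleting it), not proof by itself, and a score of one (Spotify running from AppData\Roaming, for instance) is normal for many legitimate per-user installers.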

Re: PC remotely controlled

Post by Cedric339 on 28 Nov 2017 19:04

Hello,

Thanks for your replies

I could not use the file-sharing site, since it is a paid one, so I am sending you the results directly

ZHPCleaner
Code:
~ ZHPCleaner v2017.6.3.265 by Nicolas Coolman (2015\06\3)
~ Run by admin (Administrator)  (28/11/2017 18:25:59)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\admin\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\admin\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\  Service. (0)
~ Aucun élément malicieux trouvé.


---\\  Navigateur internet. (0)
~ Aucun élément malicieux trouvé.


---\\  Fichier hôte. (0)
~ Aucun élément malicieux trouvé.


---\\  Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.


---\\  Explorateur  ( Dossiers, Fichiers ). (0)
~ Aucun élément malicieux trouvé.


---\\  Base de Registres ( Clés, Valeurs, Données ). (0)
~ Aucun élément malicieux trouvé.


---\\ Bilan de la réparation
~ Aucune réparation effectuée.
~ Ce navigateur est absent  (Opera Software)


---\\ Statistiques
~ Items scannés : 64107
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 0


End of clean at 18:28:46
===================
ZHPCleaner-[R]-14042017-23_19_49.txt
ZHPCleaner-[S]-14042017-23_14_28.txt
ZHPCleaner-[S]-14062015-15_01_59.txt
ZHPCleaner-[S]-27112017-21_24_17.txt
ZHPCleaner-[S]-28112017-18_25_03.txt
ZHPCleaner-[S]-28112017-18_28_46.txt


ZHPDiag
Code:
~ Rapport de ZHPDiag v2014.4.24.43 - Nicolas Coolman  (24/04/2014)
~ Lancé par admin (28/11/2017 18:53:55)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17609
GCIE: Google Chrome v62.0.3202.94

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 9P63G
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.11.523.1
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 27 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8120 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 24 GB (2%) free of 931 GB

---\\ Mode de connexion au système
~ Computer Name: PC
~ User Name: admin
~ All Users Names: HomeGroupUser$, Administrateur, admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\admin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\admin\AppData\Roaming\
~ %Desktop% : C:\Users\admin\Desktop\
~ %Favorites% : C:\Users\admin\Favorites\
~ %LocalAppData% : C:\Users\admin\AppData\Local\
~ %StartMenu% : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 24 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - (.Microsoft Corporation - Explorateur Windows.) (.29/08/2016 - 16:04:37.) -- C:\Windows\Explorer.exe [3229696]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F34A9FB73E8EF1CC099BCAA5D1E3B716] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/12/2015 - 15:36:42.) -- C:\Windows\System32\wininet.dll [2238976]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/04/2017 - 15:53:18.) -- C:\Windows\system32\Drivers\AFD.sys [496128]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9B38580063D281A99E68EF5813022A5F] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.08/09/2016 - 15:55:13.) -- C:\Windows\system32\Drivers\DfsC.sys [106496]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.767C6DF04C5758B9F0790D400541B44F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/09/2017 - 15:53:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [159744]
[MD5.734837208CAFD6E0959A7A0333C95C9D] - (.Microsoft Corporation - MBT Transport driver.) (.11/08/2017 - 07:00:01.) -- C:\Windows\system32\Drivers\netBT.sys [262656]
[MD5.1065D9AFE491706EB00AD3CBB76C9E54] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.17/10/2017 - 00:07:21.) -- C:\Windows\system32\Drivers\ntfs.sys [1680616]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - (.Microsoft Corporation - TDI Translation Driver.) (.29/07/2017 - 15:56:30.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 6/12
~ Mes Videos (My Videos) : 2/21
~ Mes Favoris (My Favorites) : 1/75
~ Mes Documents (My Documents) : 1/31512
~ Mon Bureau (My Desktop) : 2/22518
~ Menu demarrer (Programs) : 1/141
~ Hidden Files:  Scanned in 00mn 02s



---\\ Processus lancés
[MD5.B7EFCDAC37FDD07C379F2F66E46CCFEA] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe   [462784] [PID.1128]
[MD5.7EE61FA64639248E67C134BA05EC7373] - (.NVIDIA Corporation - NVIDIA Share.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe   [1540544] [PID.592]
[MD5.A46AA8E9170EDA094F319EF2BF0176A5] - (.Node.js - NVIDIA Web Helper Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe   [15554496] [PID.2868]
[MD5.2FB0002B41A368A6A4837F41A2BA0491] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe   [777840] [PID.5860]
[MD5.97C4CC689E4DE577466F19F9E88BA795] - (.Spotify Ltd - Spotify.) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe   [21076080] [PID.5136]
[MD5.63DA8D81C46AE1C08DB45AD81E2AD541] - (.Intel Corporation - ISCT SysTray.) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe   [5545448] [PID.2040]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe   [292848] [PID.5564]
[MD5.34D296AFC913E302953C70463EF09A48] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe   [96056] [PID.5336]
[MD5.80372D68706078E41AEC519F4EA48B5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7867904] [PID.7376]
[MD5.38622FFE9369D3EC01C0097235BD9279] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [83984] [PID.1444]
[MD5.A7EDADFB0AE38AE6F0488F0F2448D8B5] - (.MICRO-STAR INTERNATIONAL CO., LTD. - MSI_Trigger_Service.) -- C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe   [30240] [PID.1816]
[MD5.C8480E5ECBDA858EFB07F9727486CFA1] - (.NVIDIA Corporation - NVIDIA Container.) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe   [449984] [PID.1936]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe   [169432] [PID.1168]
[MD5.08E2B577DB95156F9A658C988EE71F5D] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [390616] [PID.3780]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 15093



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: True Key - [HKLM]{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} . (.Intel Security - True Key Internet Explorer Extension.) -- C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.)  -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.)  -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard File Switcher.)  -- C:\Program Files (x86)\Battle.net\Battle.net.exe
O4 - GS\Desktop [Public]: FileZilla Client.lnk . (.FileZilla Project - FileZilla FTP Client.)  -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.)  -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA Corporation - NVIDIA GeForce Experience.)  -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files\McAfee Security Scan\3.11.523\McUICnt.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.)  -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: True Key.lnk . (...)  -- C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe (.not file.)
O4 - GS\Program [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.)  -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico 
O4 - GS\Program [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.)  -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico 
O4 - GS\Program [Public]: Epic Games Launcher.lnk . (.Epic Games, Inc. - EpicGamesLauncher.)  -- C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
O4 - GS\Program [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: Sublime Text 3.lnk . (...)  -- C:\Program Files\Sublime Text 3\sublime_text.exe
O4 - GS\Program [Public]: True Key.lnk . (...)  -- C:\Program Files (x86)\Intel Security\True Key\application\truekey.exe (.not file.)
O4 - GS\QuickLaunch [admin]: CodeBlocks.lnk . (.Code::Blocks Team - Cross-platform IDE built around wxWidgets,.)  -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\QuickLaunch [admin]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [admin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [admin]: Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [admin]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.)  -- C:\Users\admin\Desktop\Tor Browser\Browser\firefox.exe
O4 - GS\SystemTools [admin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [admin]: Discord.lnk . (.GitHub - Update.)  -- C:\Users\admin\AppData\Local\Discord\Update.exe
O4 - GS\Desktop [admin]: Divers - Raccourci.lnk . (...)  -- C:\Users\Divers
O4 - GS\Desktop [admin]: DTLite - Raccourci.lnk . (.Disc Soft Ltd - DAEMON Tools Lite.)  -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - GS\Desktop [admin]: Film.lnk . (...)  -- C:\Users\Film
O4 - GS\Desktop [admin]: firefox - Raccourci.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [admin]: mumble - Raccourci.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.)  -- C:\Program Files (x86)\Mumble\mumble.exe
O4 - GS\Desktop [admin]: obs64 - Raccourci.lnk . (...)  -- C:\Users\admin\Desktop\Desktop\OBS-Studio-18.0.1-Full\bin\64bit\obs64.exe
O4 - GS\Desktop [admin]: Start Tor Browser.lnk . (.Mozilla Corporation - Tor Browser.)  -- C:\Users\admin\Desktop\Tor Browser\Browser\firefox.exe
O4 - GS\Desktop [admin]: Sublime Text 3.lnk . (...)  -- C:\Program Files (x86)\Sublime Text 3\sublime_text.exe (.not file.)
O4 - GS\Desktop [admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 85 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: ISCTSystray.lnk . (...)  -- C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe   =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Discord] . (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKCU\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKCU\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Discord] . (.Discord Inc. - Discord.) -- C:\Users\admin\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [EKNN3S0SI5] . (...) -- C:\Users\admin\AppData\Roaming\Facture.vbs
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [pluginsChrome.vbs] . (...) -- C:\Users\admin\AppData\Roaming\pluginsChrome.vbs
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-2266930556-2297734009-3988504760-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: HP Smart Print [64Bits] - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrint.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C431800-3CBD-4B71-8181-6921364C21EE}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.0.254 212.27.40.240 212.27.40.241
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Installer TrueKey (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (.not file.)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) . (.Pas de propriétaire - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
~ Services: 14 Legitimates Filtered in 00mn 01s



---\\ Tâches planifiées en automatique (O39)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd"    [269]
[MD5.00000000000000000000000000000000] [APT] [{1930847B-8C76-4525-9993-DF6B39E1E8B6}] (...) -- C:\Users\admin\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.)   [0]  =>PUP.StartSearch
[MD5.00000000000000000000000000000000] [APT] [{3B5B6D31-CDA0-4231-AE08-41D19A660669}] (...) -- C:\Users\admin\AppData\Roaming\oursurfing\UninstallManager.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{9FEB2860-8828-4E89-A82B-0DDC5E57A934}] (...) -- C:\Users\admin\Downloads\LoLRADS_EUW\lol.launcher.admin.exe (.not file.)   [0]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{B49E5B76-D8C4-4237-ACCA-3284F27ECC77}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe   [97856]
~ Scheduled Task: 63 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver:  (ESProtectionDriver) . (...) - C:\Windows\system32\drivers\mbae64.sys
~ Drivers: 70 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ASTRONEER - (.System Era Softworks.) [HKLM][64Bits] -- Steam App 361420
O42 - Logiciel: Banished - (.Shining Rock Software LLC.) [HKLM][64Bits] -- Steam App 242920
O42 - Logiciel: Blackwake - (.Mastfire Studios Pty Ltd.) [HKLM][64Bits] -- Steam App 420290
O42 - Logiciel: Discord - (.Discord Inc..) [HKCU][64Bits] -- Discord
O42 - Logiciel: Expeditions: Viking - (.Logic Artists.) [HKLM][64Bits] -- Steam App 445190
O42 - Logiciel: Foxhole - (.Clapfoot.) [HKLM][64Bits] -- Steam App 505460
O42 - Logiciel: Friday the 13th: The Game - (.IllFonic.) [HKLM][64Bits] -- Steam App 438740
O42 - Logiciel: Mushroom Wars 2 - (.Zillion Whales.) [HKLM][64Bits] -- Steam App 457730
O42 - Logiciel: PLAYERUNKNOWN'S BATTLEGROUNDS - (.Bluehole, Inc..) [HKLM][64Bits] -- Steam App 578080
O42 - Logiciel: Patch Jpogland v3 premium - (.Jpogland.) [HKLM][64Bits] -- {20066218-72F3-4E21-8FB2-6E042F205FB0}_is1
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
O42 - Logiciel: Rolistik 1.1 - (.Romain CAMPIONI.) [HKLM][64Bits] -- Rolistik_is1
O42 - Logiciel: Sauro et Ultra - (...) [HKLM][64Bits] -- Sauro et Ultra
O42 - Logiciel: Vulkan Run Time Libraries 1.0.3.0 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.3.0
O42 - Logiciel: Vulkan Run Time Libraries 1.0.42.1 - (.LunarG, Inc..) [HKLM][64Bits] -- VulkanRT1.0.42.1
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DefaultCompany]
[HKCU\Software\Dire Wolf Digital]
[HKCU\Software\Home Net Games]
[HKCU\Software\JutsuGames]
[HKCU\Software\Kitfox Games]
[HKCU\Software\Kromtech]
[HKCU\Software\LionsShade]
[HKCU\Software\Logic Artists]
[HKCU\Software\Ludeon Studios]
[HKCU\Software\Madruga Works]
[HKCU\Software\Mastfire Studios]
[HKCU\Software\MuHa Games]
[HKCU\Software\Pando Networks]
[HKCU\Software\ProtectedStorage]
[HKCU\Software\Robot Gentleman]
[HKCU\Software\SKS]
[HKCU\Software\Sandbox Interactive GmbH]
[HKCU\Software\SandboxInteractive]
[HKCU\Software\TrueKey]
[HKCU\Software\U-Play online]
[HKCU\Software\Zillion Whales]
[HKCU\Software\canortic]
[HKCU\Software\inXile]
[HKLM\Software\BigNox]
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\BigNox]
[HKLM\Software\Wow6432Node\EpicGames]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Sandbox Interactive GmbH]
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\TrueKey]
[HKLM\Software\Wow6432Node\inXile]
~ Key Software: 476 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2015 - 16:42:17 - [] ----D C:\Program Files (x86)\Free Codec Pack
O43 - CFD: 22/04/2014 - 12:58:43 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/04/2017 - 21:24:54 - [] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 22/08/2015 - 23:08:00 - [] ----D C:\Program Files (x86)\Rolistik
O43 - CFD: 21/06/2015 - 19:00:33 - [] ----D C:\Program Files (x86)\Universal Interactive
O43 - CFD: 27/05/2017 - 18:13:14 - [] ----D C:\Program Files (x86)\VulkanRT
O43 - CFD: 14/04/2017 - 21:43:16 - [0] ----D C:\Program Files (x86)\Common Files\AV
O43 - CFD: 16/07/2015 - 19:23:42 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 22/04/2014 - 13:00:43 - [] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 12/06/2016 - 20:24:57 - [] ----D C:\ProgramData\Epic
O43 - CFD: 06/04/2017 - 08:31:18 - [] ----D C:\ProgramData\SquirrelMachineInstalls
O43 - CFD: 14/09/2016 - 21:45:00 - [] ----D C:\ProgramData\TrueKey
O43 - CFD: 19/11/2014 - 18:35:30 - [] ----D C:\Users\admin\AppData\Roaming\11bitstudios
O43 - CFD: 05/03/2017 - 22:46:44 - [] ----D C:\Users\admin\AppData\Roaming\7DaysToDie
O43 - CFD: 19/03/2017 - 17:34:13 - [0] ----D C:\Users\admin\AppData\Roaming\Albion
O43 - CFD: 21/03/2017 - 22:14:00 - [] ----D C:\Users\admin\AppData\Roaming\AlbionOnline
O43 - CFD: 06/04/2016 - 19:28:40 - [] ----D C:\Users\admin\AppData\Roaming\cef-cache
O43 - CFD: 06/04/2016 - 21:29:05 - [] ----D C:\Users\admin\AppData\Roaming\cef3-cache
O43 - CFD: 09/08/2017 - 20:33:01 - [] ----D C:\Users\admin\AppData\Roaming\discord
O43 - CFD: 27/11/2017 - 21:11:44 - [0] ----D C:\Users\admin\AppData\Roaming\Google Player html5
O43 - CFD: 12/08/2016 - 20:33:02 - [] ----D C:\Users\admin\AppData\Roaming\HelloGames
O43 - CFD: 27/11/2017 - 21:11:44 - [] ----D C:\Users\admin\AppData\Roaming\Imminent
O43 - CFD: 16/08/2014 - 14:14:15 - [0] ----D C:\Users\admin\AppData\Roaming\Mediatronic
O43 - CFD: 14/10/2017 - 14:25:16 - [] ----D C:\Users\admin\AppData\Roaming\obs-studio
O43 - CFD: 06/04/2016 - 19:28:34 - [] ----D C:\Users\admin\AppData\Roaming\PartyFrance
O43 - CFD: 06/05/2014 - 01:08:09 - [] ----D C:\Users\admin\AppData\Roaming\wam
O43 - CFD: 07/06/2015 - 12:23:03 - [] ----D C:\Users\admin\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 22/07/2015 - 08:34:34 - [] ----D C:\Users\admin\AppData\Local\CEF
O43 - CFD: 20/10/2014 - 19:28:02 - [] ----D C:\Users\admin\AppData\Local\DayZ
O43 - CFD: 09/08/2017 - 00:32:14 - [] ----D C:\Users\admin\AppData\Local\Discord
O43 - CFD: 06/08/2017 - 00:17:16 - [] ----D C:\Users\admin\AppData\Local\Foxhole
O43 - CFD: 19/04/2017 - 15:08:54 - [] ----D C:\Users\admin\AppData\Local\Frontier_Developments
O43 - CFD: 22/07/2015 - 09:11:08 - [] ----D C:\Users\admin\AppData\Local\GWX
O43 - CFD: 05/03/2016 - 01:00:45 - [] ----D C:\Users\admin\AppData\Local\kt
O43 - CFD: 21/09/2016 - 05:42:04 - [] ----D C:\Users\admin\AppData\Local\Nox
O43 - CFD: 14/04/2017 - 21:24:47 - [] ----D C:\Users\admin\AppData\Local\PokerStars.FR
O43 - CFD: 19/03/2017 - 16:29:02 - [] ----D C:\Users\admin\AppData\Local\Sandbox Interactive GmbH
O43 - CFD: 06/04/2017 - 20:49:48 - [] ----D C:\Users\admin\AppData\Local\SquirrelTemp
O43 - CFD: 26/05/2017 - 17:57:58 - [] ----D C:\Users\admin\AppData\Local\SummerCamp
O43 - CFD: 28/01/2017 - 13:43:08 - [] ----D C:\Users\admin\AppData\Local\tkdata
O43 - CFD: 30/03/2017 - 21:18:05 - [] ----D C:\Users\admin\AppData\Local\TslGame
O43 - CFD: 19/03/2017 - 16:26:41 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
O43 - CFD: 09/08/2017 - 00:32:29 - [0] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
O43 - CFD: 06/04/2017 - 20:49:45 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
O43 - CFD: 21/06/2015 - 20:27:18 - [0] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sauro et Ultra
O43 - CFD: 21/06/2015 - 19:01:01 - [] ----D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Interactive
~ Program Folder: 312 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7D0520A12B31E6858B3BB7E675AFA34E] - 27/11/2017 - 21:02:41 ---A- . (...) -- C:\Windows\System32\Drivers\mbae64.sys   [77432]
~ Files: 82 Legitimates Filtered in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
~ LSA: 11 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2fbadafd-cc7d-11e3-bf79-448a5b26c9e6}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
O51 - MPSK:{5a5b624e-cc82-11e3-80b3-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Discord  [Key] . (.Hammer & Chisel, Inc. - Discord - https://discordapp.com/.) -- C:\ProgramData\SquirrelMachineInstalls\Discord.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (.Pas de propriétaire - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys   [21408]
O58 - SDL:01/08/2013 - 16:01:34 ---A- . (.Pas de propriétaire - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys   [21920]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\INETMON.sys   [29088]
O58 - SDL:01/08/2013 - 16:01:32 ---A- . (.Pas de propriétaire - Intel(R) Smart Connect Technology Device Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys   [46568]
O58 - SDL:01/11/2017 - 08:54:56 ---A- . (...) -- C:\Windows\System32\Drivers\mbae64.sys   [77432]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 01/08/2013 - C:\Windows\system32\Drivers\INETMON.sys (INETMON) .(...) - LEGACY_INETMON
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{67B76DBC-EAD0-4765-9745-FACE0DE0321C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{E4AEF2D8-934C-43F3-A66B-54CE5F764B87}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E82D3ACB5440AD573BA89AB4E8403427] [WIS][21/02/2003] (.Universal Interactive - Jurassic Park Operation Genesis.) -- C:\Windows\Installer\23fed463.msi   [29706752]  =>PUP.Genesis
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/11/2017 272384 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/08/2017 1465352 |  (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
SS - | Demand 12/04/2014 477960 |  (BRSptSvc) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptSvc.exe
SS - | Auto 28/08/2015 144200 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2015 144200 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 |  (InstallerService) . (...) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe
SS - | Demand 27/08/2013 828376 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 25/07/2013 54976 |  (intelsba) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
SS - | Auto 01/11/2017 6234056 |  (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
SS - | Demand 20/03/2017 404376 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe
SS - | Demand 20/11/2017 194000 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 19/09/2017 512960 |  (NvContainerNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
SS - | Auto 27/02/2017 317400 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 31/10/2017 1641248 |  (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 26/06/2017 1001920 |  (TrueKey) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
SS - | Demand 26/06/2017 87760 |  (TrueKeyServiceHelper) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
SS - | Demand 01/05/2014 24576 |  (wampapache64) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
SS - | Demand 01/05/2014 12942848 |  (wampmysqld64) . (...) - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
SR - | Auto 27/09/2017 83984 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/08/2013 747520 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 01/08/2013 198120 |  (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 16/09/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 26/09/2013 30240 |  (MSI_Trigger_Service) . (.MICRO-STAR INTERNATIONAL CO., LTD..) - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
SR - | Auto 19/09/2017 512960 |  (NvContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
SR - | Auto 18/05/2017 462968 |  (NVDisplay.ContainerLocalSystem) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
SR - | Auto 19/09/2017 449984 |  (NvTelemetryContainer) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
SR - | Auto 26/06/2017 16928 |  (TrueKeyScheduler) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McTkSchedulerService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (24/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

C:\Windows\Installer\23fed463.msi   =>PUP.Genesis^
~ Additionnel Scan: 656780 Items scanned in 00mn 11s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch  =>PUP.StartSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 1197 Legitimates filtered by white list
End of the scan (541 lines in 00mn 30s)(0)
Re: PC controlled remotely

Post by Papy40 on 28 Nov 2017 20:51

Good evening Cédric

So I couldn't use the file-sharing site, since it is a paid one

Either your glasses are particularly dirty and need cleaning, or you had no desire to host your reports
Regards - Claude - Papy_40 on Skype -
Far from being the best, I'm not the worst either... though...
http://papy40.wordpress.com - http://www.gigatribe.com/software/29/default
Re: PC controlled remotely

Post by Cedric339 on 28 Nov 2017 21:28

When I went to the site, it offered me a paid account; now when I go back, it lets me upload a file. Anyway, here they are:

ZHPDiag
https://www.partage-fichiers.com/upload/yuia3bqf

ZHPCleaner
https://www.partage-fichiers.com/upload/afcratej
Re: PC controlled remotely

Post by PapyNet on 29 Nov 2017 09:18

Hello!
With ZHPFix, fix the following

Code:
Script Zhpfix
[MD5.00000000000000000000000000000000] [APT] [{1930847B-8C76-4525-9993-DF6B39E1E8B6}] (...) -- C:\Users\admin\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.)   [0]
C:\Windows\Installer\23fed463.msi
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid



Post here the links to the ZHPFix reports
and to a new follow-up "blood test" (ZHPDiag)
Best regards
Georges (P@py.net)
Knowledge grows when it is shared (Socrates)
Re: PC controlled remotely

Post by Cedric339 on 29 Nov 2017 19:39

Re: PC controlled remotely

Post by PapyNet on 30 Nov 2017 06:11

Hello!
Your PC is clean!


Download DelFix by Xplode to remove the logs and helper tools from the desktop
https://toolslib.net/downloads/viewdownload/2-delfix/

Run it with elevated rights (unless on XP), i.e. right-click and "Run as administrator"
Tick the boxes as follows:
Do not tick "perform a registry backup", as it is not useful

Image




Subscribe by e-mail to version changes of the software tracked by the saamu
topic3586.html
Best regards
Georges (P@py.net)
Knowledge grows when it is shared (Socrates)
Re: PC controlled remotely

Post by Cedric339 on 30 Nov 2017 11:33

Very good

Thank you very much for your help