~ Rapport de ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Lancé par Administrateur (27/12/2014 12:20:28)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17116 (Defaut)
MFIE: Mozilla Firefox 34.0.5
GCIE: Google Chrome v38.0.2125.111

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : D9H36
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Spybot - Search & Destroy v1.6.2
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.18

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 16 NPAPI

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 113 GB (25%) free of 440 GB

---\\ Mode de connexion au système
~ Computer Name: MINOU
~ User Name: Administrateur
~ All Users Names: HomeGroupUser$, chien, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Administrateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 113 Go of 440 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.949C61BEF8501BD244C50A7F182CEC74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/09/2014 - 06:17:42.) -- C:\Windows\System32\wininet.dll [2236928]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.58CC013EFA9893057160EDA018D8ADCE] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/07/2014 - 23:51:05.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.14EE56050E1637926F5CFA65B1F4209B] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.12/07/2014 - 05:34:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404480]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.AA37946941ED3805AB3A924965907147] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04/07/2014 - 11:52:10.) -- C:\Windows\system32\Drivers\volsnap.sys [328000]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/14
~ Mes Documents (My Documents) : 0/98
~ Mon Bureau (My Desktop) : 0/45
~ Menu demarrer (Programs) : 0/18
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.2656]
[MD5.DADDD62BEDC91BC96CFC794A2CA0D94A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [337520] [PID.1704]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8099328] [PID.964]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\hof45hyk.default\prefs.js
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (1)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [chien]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\chien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 20s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FB2F4CA-6ED8-4105-A582-EC5C0D51C3A3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A04BF144-D459-44D3-86D5-EF7078E012A0}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FB2F4CA-6ED8-4105-A582-EC5C0D51C3A3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A04BF144-D459-44D3-86D5-EF7078E012A0}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Super Optimizer (cae99edb) . (...) - c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll (.not file.)
O23 - Service: Service Google Update (gupdate) (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.not file.)
~ Services: 3 Legitimates Filtered in 00mn 06s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [$dMM6KqyKu+JyN+{$] (...) -- C:\Users\Administrateur\AppData\Roaming\playnowradio\playnowradio\1.3.4.8\playnowradio.exe (.not file.) [0] =>PUP.PlayNowRadio
[MD5.00000000000000000000000000000000] [APT] [969d12c9-04b5-429a-85aa-89ab4d7b2cae-2] (...) -- C:\Program Files (x86)\Freeven pro 1.2\969d12c9-04b5-429a-85aa-89ab4d7b2cae-2.exe (.not file.) [0] =>PUP.Freeven
[MD5.00000000000000000000000000000000] [APT] [gameo_update] (...) -- C:\Users\Administrateur\AppData\Roaming\Gameo\gameo.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4AB37338-3486-48BA-A772-F0FE44EA2521}] (...) -- E:\RECUPERATION D\Généalogie\Généalogie Heredis pro 10.1\cerise Heredis Pro 10.1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{604C6E0A-1601-4AE8-BB25-E15013622F8A}] (...) -- D:\UPDATE\MSAOE10A.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D8C59EBE-764C-4D8A-AF1F-3ADED25579CE}] (...) -- D:\aoeadons.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F022BCF3-7AF6-47B4-8F9B-E8850C8CEC8D}] (...) -- E:\RECUPERATION D\WinRAR 3.42 fr -Version craqu- pas de serial et activation Marche Ok par fatah.fr-.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 4 [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [362]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryOneClickOptimizer 5 [408]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce7c90f3815efb [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 14s



---\\ Logiciels installés (O42)
O42 - Logiciel: FTPGetter Professional 5.55 - (.FTPGetter Team.) [HKLM][64Bits] -- FTPGetter Professional_is1
O42 - Logiciel: Gameo - (.IronSource Ltd..) [HKCU][64Bits] -- Gameo
O42 - Logiciel: SafeIP - (.SafeIP.) [HKLM][64Bits] -- SAFEIP_is1
O42 - Logiciel: Shopping Helper Smartbar Engine - (.ReSoft Ltd..) [HKCU][64Bits] -- {a75e6670-7578-4ccc-b6af-fe0ad00e2786} =>Hijacker.SmartBar
O42 - Logiciel: Windows Product Key Finder Pro® 2.3 - (...) [HKLM][64Bits] -- Windows Product Key Finder Pro®_is1
~ Logic: 15 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DriverWhiz]
[HKCU\Software\GoldenGate]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\SafeIP]
[HKCU\Software\Super Optimizer]
[HKCU\Software\Toocharger]
[HKLM\Software\Wow6432Node\AVerFilters]
[HKLM\Software\Wow6432Node\SecretSauce] =>Adware.SecretSauce
[HKLM\Software\Wow6432Node\Veloxum]
[HKLM\Software\Wow6432Node\asmwsoft]
[HKLM\Software\Wow6432Node\b1.org]
~ Key Software: 265 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/11/2013 - 09:31:26 - [] ----D C:\Program Files (x86)\DGP1000
O43 - CFD: 21/09/2014 - 08:03:26 - [] ----D C:\Program Files (x86)\FTPGetter
O43 - CFD: 20/11/2014 - 11:49:38 - [] ----D C:\Program Files (x86)\HQVid-v2.5V15.11
O43 - CFD: 29/12/2013 - 19:56:30 - [] ----D C:\Program Files (x86)\MyDrive Connect
O43 - CFD: 19/08/2014 - 18:01:30 - [] ----D C:\Program Files (x86)\RegUtility
O43 - CFD: 07/06/2014 - 14:45:40 - [] ----D C:\Program Files (x86)\SafeIP
O43 - CFD: 01/11/2013 - 09:31:36 - [] ----D C:\Program Files (x86)\SketchList 3D Pro
O43 - CFD: 22/10/2012 - 09:35:20 - [] ----D C:\ProgramData\FreeRide Games
O43 - CFD: 21/09/2014 - 08:03:51 - [0] ----D C:\ProgramData\FTPGetter
O43 - CFD: 23/04/2014 - 19:11:54 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 11/09/2013 - 10:20:23 - [] ----D C:\ProgramData\KRSHistory
O43 - CFD: 11/08/2013 - 15:24:09 - [] ----D C:\ProgramData\SketchList 3D
O43 - CFD: 15/04/2013 - 20:40:13 - [] ----D C:\ProgramData\Thinix
O43 - CFD: 05/06/2014 - 18:28:11 - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 03/12/2014 - 13:10:19 - [] --H-D C:\Users\Administrateur\AppData\Roaming\GoldenGate
O43 - CFD: 03/12/2014 - 13:09:36 - [] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
O43 - CFD: 29/10/2014 - 16:29:13 - [] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 253 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.62CF64DDAD6E8266A64CD110081846CB] - 27/12/2014 - 09:36:06 ---A- . (...) -- C:\immudebug.log [17568761]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 27/12/2014 - 10:57:27 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 27/12/2014 - 10:57:27 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 27/12/2014 - 10:57:27 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 27/12/2014 - 10:57:27 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 27/12/2014 - 10:57:27 ---A- . (...) -- C:\Windows\zip.exe [68096]
~ Files: 16 Legitimates Filtered in 00mn 40s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.6593AAE4969D8F63EEA4EA04E06A8716] - 27/12/2014 - 12:02:09 ---A- - C:\Windows\Prefetch\DISKCLEANER.EXE-C159D9A9.pf =>Rogue.DiskCleaner
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:28/04/2011 - 18:23:36 ---A- . (.ITE Tech. Inc. - ITE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys [70760]
O58 - SDL:20/06/2012 - 08:31:02 ---A- . (.ITE Tech. Inc. - ITECIR Filter Driver.) -- C:\Windows\System32\Drivers\ITECIRfilter.sys [18064]
O58 - SDL:26/07/2012 - 09:11:43 ---A- . (...) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:23/09/2013 - 13:19:12 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:25/09/1999 - 18:03:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368]
O58 - SDL:28/04/2005 - 12:08:46 ----- . (...) -- C:\Windows\SysWOW64\AVerIO.sys [3456]
~ Drivers: 62 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/12/2014 - 12:22:24 ---A- . (...) -- C:\Users\Administrateur\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [361866]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 1 Legitimates Filtered in 00mn 41s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche dans la clé de registre Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_C#.NET(2010)\Source\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_C#.NET(2010)\Source\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.vshost.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_C#.NET(2010)\Source\WindowsFormsApplication1\bin\Debug\WindowsFormsApplication1.vshost.exe.manifest =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_C#.NET(2010)\Source\WindowsFormsApplication1\obj\x86\Debug\WindowsFormsApplication1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_C#.NET(2010)\WindowsFormsApplication1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_CPPBuilder(XE2)\Project1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_Delphi(XE2)\Project1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_VB.NET(2010)\Source\WindowsApplication1\bin\Debug\WindowsApplication1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_VB.NET(2010)\Source\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_VB.NET(2010)\Source\WindowsApplication1\bin\Debug\WindowsApplication1.vshost.exe.manifest =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_VB.NET(2010)\Source\WindowsApplication1\obj\x86\Debug\WindowsApplication1.exe =>.Crack,Keygen
C:\Program Files (x86)\Serial Key Generator 5.0\Example Apps\SerialKeyGenerator_VB.NET(2010)\WindowsApplication1.exe =>.Crack,Keygen
C:\RECUPERATION D\DISQUE DUR MAISON\Nouveau dossier (2)\SketchList3D.Pro.v3.0.1.2149.WiN\Nouveau dossier\SketchList.3D.1.5.0.19.cracked-SND\SketchList 3D.exe =>.Crack,Keygen
C:\RECUPERATION D\DISQUE DUR MAISON\Nouveau dossier (2)\SketchList3D.Pro.v3.0.1.2149.WiN\SketchList.3D.1.5.0.19.cracked-SND(1).zip =>.Crack,Keygen
C:\RECUPERATION D\DISQUE DUR MAISON\Nouveau dossier (2)\SketchList3D.Pro.v3.0.1.2149.WiN\SketchList.3D.1.5.0.19.cracked-SND.zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\EPUB\Adobe CS5.5 Master Collection (Keygen)\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\ADOBE_Keygen.zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\Adobe_Keygen_Generator_v2.04.zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier\Nouveau dossier\Crack Cs5 tout produit x86 x64.zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier (2)\Adobe CS5.5 Master Collection (Keygen)\Adobe CS5.5 Master Collection (Keygen)\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier (2)\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier (3)\Adobe CS5 Expired Fix - Serial, Activation - amtlib.dll - Patch, Crack.zip =>.Crack,Keygen
C:\RECUPERATION D\DOSSIERS\Photoshop\crack et keygen cs5\Keygen Adobe Master CS5.5\Nouveau dossier (5)\Adobe CS5.5 Master Collection (Keygen).zip =>.Crack,Keygen
C:\RECUPERATION D\Soft\logiciels\3d +photos\3dsmax fr V 4\KEYGEN\3DSMAX4.EXE =>.Crack,Keygen
C:\RECUPERATION D\Soft\logiciels\3d +photos\3dsmax fr V 4\keygen.zip =>.Crack,Keygen
C:\RECUPERATION D\Soft\logiciels\3d +photos\InDesign\ADOBE.INDESIGN.CS.V3.0 keygen.exe =>.Crack,Keygen
C:\RECUPERATION D\Soft\Soft Divers\PhotoFiltre_6.2.4_Incl.Keygen_FRENCH-BS\bs-qyr00.zip =>.Crack,Keygen
C:\RECUPERATION D\Soft\TELECHARGEMENTS\WinZip.Pro.v11.0.7313.WinALL.Incl.Keygen-ViRiLiTY\winzip110.exe =>.Crack,Keygen
C:\RECUPERATION D\USB\Brothersoft_downloader_For_KeyGen_Software_License_Key_Generator.exe =>.Crack,Keygen
C:\Users\chien\AppData\Roaming\uTorrent\Adobe CS5 Keygen.exe.torrent =>.Crack,Keygen
C:\Users\chien\Desktop\INDISIGN V9.2\Adobe.InDesign.CC.v9.2.Final.www.IR-DL.com\Adobe InDesign CC v9.2 Final (www.IR-DL.com)\Keygen\disable_activation.cmd =>.Crack,Keygen
C:\Users\chien\Desktop\INDISIGN V9.2\Adobe.InDesign.CC.v9.2.Final.www.IR-DL.com\Adobe InDesign CC v9.2 Final (www.IR-DL.com)\Keygen\install.txt =>.Crack,Keygen
C:\Users\chien\Desktop\INDISIGN V9.2\Adobe.InDesign.CC.v9.2.Final.www.IR-DL.com\Adobe InDesign CC v9.2 Final (www.IR-DL.com)\Keygen\Video.MP4 =>.Crack,Keygen
C:\Users\chien\Desktop\INDISIGN V9.2\Adobe.InDesign.CC.v9.2.Final.www.IR-DL.com\Adobe InDesign CC v9.2 Final (www.IR-DL.com)\Keygen\xf-adobecc.exe =>.Crack,Keygen
C:\Users\chien\Downloads\NTI_Media_Maker_9.0.1.9011_Premium_eng_Trial\keygen.rar =>.Crack,Keygen
~ Files: Scanned in 03mn 27s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.2712A358944C065D61A38282EC47AEAA] [SPRF][30/10/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.157D8B324855BFE2EB25723E123BE5C9] [SPRF][22/04/2014] (...) -- C:\Users\Administrateur\Desktop\cc_20140422_224854.reg [4610]
[MD5.9B70C4BD5E0260D586D175E86FBC3117] [SPRF][01/06/2014] (...) -- C:\Users\Administrateur\Desktop\cc_20140601_150507.reg [19284]
[MD5.C5114505E0F151E57AA9F271ECE60C8C] [SPRF][29/10/2014] (...) -- C:\Users\Administrateur\Desktop\cc_20141029_191650.reg [50652]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{3B21C931-496B-4BFE-AEF0-CC16ED1E6C2C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\chien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BD49F5AD-AE37-4046-A5F0-D451C73EECD8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\chien\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BC8FAF80A6FEE9CA7D51F744A6F0D45E] [WIS][22/04/2014] (.ReSoft Ltd. - Shopping Helper Smartbar.) -- C:\Windows\Installer\c0275ec.msi [9502720] =>Hijacker.SmartBar
[MD5.0A517BFDBF16092D7D813FAA69BB7F65] [WIS][09/02/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\c0275f0.msi [1712128] =>Adware.IncrediBar
~ WIS: 2 Legitimates Filtered in 00mn 06s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 06/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Demand 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 08/08/2012 364544 | (AVerRemote) . (.AVerMedia.) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
SS - | Demand 01/04/2011 403456 | (AVerScheduleService) . (...) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
SS - | Auto 10/07/1658 0 | (cae99edb) . (...) - c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll
SS - | Demand 12/10/2013 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 10/07/1658 0 | (gupdate) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (gupdatem) . (...) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SS - | Demand 17/05/2012 7680 | (IdeaTouch.LocalDataServer.Education) . (.Microsoft.) - C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
SS - | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 15/03/2011 32768 | (JME Keyboard) . (...) - C:\Windows\jmesoft\Service.exe
SS - | Demand 20/06/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 28/06/2013 3860480 | (SafeIPS) . (.SafeIP.) - C:\Program Files (x86)\SafeIP\SafeIPs.exe
SS - | Demand 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Disabled 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SS - | Disabled 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SS - | Demand 11/05/2012 211968 | (VolumeCtlSrv) . (.Wistron Corporation.) - C:\Program Files\VolumeOSD\VolumeCtlSrv.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/09/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 24s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Administrateur at 27/12/2014 12:27:31
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 27/12/2014 12:27:33
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 3

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a75e6670-7578-4ccc-b6af-fe0ad00e2786}] =>Hijacker.SmartBar^
[HKCU\Software\InstallCore] =>Adware.InstallCore
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\ProgramData\FreeRide Games =>Toolbar.FreeRide
[HKLM\Software\Wow6432Node\SecretSauce] =>Adware.SecretSauce^
C:\Windows\Installer\c0275ec.msi =>Hijacker.SmartBar^
C:\Windows\Installer\c0275f0.msi =>Adware.IncrediBar^
~ Additionnel Scan: 453059 Items scanned in 01mn 07s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-playnowradio =>PUP.PlayNowRadio
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-secretsauce =>Adware.SecretSauce
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.fr/rootkit-tdss =>Rootkit.TDSS
http://nicolascoolman.fr/adware-incredibar =>Adware.IncrediBar
~ MSI: 8 link(s) detected in 00mn 00s



~ 767 Legitimates filtered by white list
End of the scan (538 lines in 08mn 14s)(74)
