~ Report of ZHPDiag v2015.6.4.54 - Nicolas Coolman (31/05/2015)
~ Launched by nouiouar (24/07/2015 10:29:31)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : New version available
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program

---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17905 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
~ Windows Partial Key : MKKG7
Windows License : OK
Expiration Licence Windows : 238351 minute(s) (166 jour(s))
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Enterprise, 32-bit (Build 9600)

---\\ System protection software
Windows Defender W8 (Activate)

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 969 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 19 GB (49%) free of 39 GB

---\\ Connection to the system mode
~ Computer Name: MOHAMMED
~ User Name: nouiouar
~ All Users Names: nouiouar, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\nouiouar\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\nouiouar\AppData\Roaming\
~ %Desktop% : C:\Users\nouiouar\Desktop\
~ %Favorites% : C:\Users\nouiouar\Favorites\
~ %LocalAppData% : C:\Users\nouiouar\AppData\Local\
~ %StartMenu% : C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 40 Go of 49 Go)
E: Hard drive, Flash drive, Thumb drive (Free 31 Go of 61 Go)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 117 Go of 596 Go)
I: CD-ROM drive (Not Inserted)
J: CD-ROM drive (Not Inserted)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 43 Scanned in 00mn 00s

---\\ Search Generic System Files
[MD5.91E24273FCA076EA9E65DAFA98901225] - (.Microsoft Corporation - Explorateur Windows.) (.27/01/2015 - 23:41:17.) -- C:\Windows\Explorer.exe [2207488]
[MD5.DC02677945BDABD6B0C6A29914AA21EF] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 01:02:57.) -- C:\Windows\System32\Wininit.exe [115712]
[MD5.E2B8238F0A0D1ADBA3AE4A6D6F0EC756] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/06/2015 - 20:07:27.) -- C:\Windows\System32\wininet.dll [1951232]
[MD5.E36FB29A2158B7D5DCA0F4E08DE75442] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 01:01:18.) -- C:\Windows\System32\Winlogon.exe [465408]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 08:08:12.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 03:05:35.) -- C:\Windows\system32\Drivers\AFD.sys [461312]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 05:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 04:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 01:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 08:23:11.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.7E0EDA9EE53E344D1604EB2A7E8DED47] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 10:45:58.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.7A708934CC652100A94944EC808C3916] - (.Microsoft Corporation - Pilote de port i8042.) (.04/11/2014 - 05:03:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [83456]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 11:03:35.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.49EDA7967848465645E2D809384D0EBA] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/06/2015 - 02:17:45.) -- C:\Windows\system32\Drivers\MRxSmb.sys [328704]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 04:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.C52E578E3F8182C2EE6AAF0AC2B61C9B] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 08:37:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1689408]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 04:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 04:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 03:49:28.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 06:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.31A2AA48C1ECD390E2707E5C21B75DCE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 00:56:11.) -- C:\Windows\system32\Drivers\volsnap.sys [264512]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 1/12
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.5B7288EA34AB9B1BD91633737933E100] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [67656] [PID.2764]
[MD5.D957D405B01A04DEB1C066F787B70B16] - (.No owner - Update Platform Application.) -- C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe [576456] [PID.2976]
[MD5.A68AD9BF6C308F4EB50B147D6FBF6992] - (.No owner - ScreenSn Application.) -- C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenSnapshot.exe [1831584] [PID.3036]
[MD5.7172E394D61CE38BB4D862CBB2F28A74] - (.Baidu, Inc. - Baidu AndroidStore Helper.) -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.4379\bas_helper.exe [2201632] [PID.3588]
[MD5.3801D7C7512EFE17788E375334E7E888] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe [366904] [PID.3956]
[MD5.79D4F45F45B0BB48625B474D29656E6A] - (.No owner - HiPlayer.) -- C:\Program Files\Hi\HiPlayer\1.18.1.104\HiPlayer.exe [1287592] [PID.4028]
[MD5.1CF45B67AF6370CAF2E7622B3EBC34AC] - (.Baidu, Inc. - PC Faster Tray.) -- C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152] [PID.4076]
[MD5.FB1955D6BBC5F560711F938B3B6E89E1] - (.www.hi-player.com. - Media Streaming Service.) -- C:\Program Files\Hi\HiPlayer\1.18.1.104\HiP2PService.exe [521640] [PID.3076]
[MD5.6CC003BBDFE70E2A8DE72C999EBFE54B] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [3060224] [PID.3944]
[MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8214016] [PID.1836]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Lync.) -- C:\Program Files\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll
P2 - FPN: [HKLM] [@hi.com/npxbdyy] - (.No owner - HiPlayer Browser Plugin.) -- C:\Program Files\Hi\HiPlayer\1.18.1.104\npxhiyy.dll
P2 - FPN: [HKLM] [@microsoft.com/Lync,version=15.0] - (.Microsoft Corporation - The plugin allows you to have a better experience with Microsoft Lync.) -- C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
~ Firefox Browser: 6 Scanned in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) (No version) -- (.not file.)
~ IE Browser: 9 Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects (O2)
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft OneDrive for Business Extensions.) -- C:\Program Files\Microsoft Office\Office15\GROOVEEX.dll =>.Microsoft Corporation
~ BHO: 6 Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Baidu PC Faster 5.1.0.0] . (.Baidu, Inc. - PC Faster Tray.) -- C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKCU\..\Run: [HIMEDIA] . (.No owner - HiPlayer.) -- C:\Program Files\Hi\HiPlayer\1.18.1.104\HiPlayer.exe
O4 - HKUS\S-1-5-21-1823229679-2137987844-2560219132-1001\..\Run: [HIMEDIA] . (.No owner - HiPlayer.) -- C:\Program Files\Hi\HiPlayer\1.18.1.104\HiPlayer.exe
~ Application: Scanned in 00mn 00s

---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Skype for Business.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A86DAF5-FDEB-46F6-8B50-573B7AA8EC12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A86DAF5-FDEB-46F6-8B50-573B7AA8EC12}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Baidu MoboMarket Service (BASSVC) . (.Baidu, Inc. - Baidu MoboMarket Service.) - C:\Program Files\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe
O23 - Service: Baidu PC Faster Service 5.1.0.0 (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc. - Baidu PC Faster Service.) - C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
O23 - Service: The Screen Snapshot Service (TheScreenSnapshotService) . (.No owner - The Screen Snapshot Service.) - C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe
~ Services: 3 Scanned in 00mn 02s

---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s

---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Task Planned Automatically (039)
[MD5.E3FEA8060978EAB6FA5D40E74DE6308B] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe [1051416] =>PUA.KMSpico
[MD5.909A77678E447339DB1880CDB1EA2F47] [APT] [Baidu PC Faster Service] (.Baidu, Inc..) -- C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448]
[MD5.1E5F6A7543B676324A95E4474762F363] [APT] [Baidu PC Faster Update] (.Baidu, Inc..) -- C:\Program Files\PC Faster\5.1.0.0\Updater.exe [1359120]
[MD5.D957D405B01A04DEB1C066F787B70B16] [APT] [ToolsUpdatePlatform_ScheduledTask] (...) -- C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe [576456]
[MD5.9E3D8ACED98F353064A6D8493E92CF04] [APT] [{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}] (...) -- C:\Program Files\ScreenSnapshotTool\1.0.1.10301\InstallHelper.exe [849568]
O39 - APT: ToolsUpdatePlatform_ScheduledTask - (...) -- C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job [442]
O39 - APT: ToolsUpdatePlatform_ScheduledTask - (...) -- C:\Windows\System32\Tasks\ToolsUpdatePlatform_ScheduledTask [442]
O39 - APT: {61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} - (...) -- C:\Windows\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job [646]
O39 - APT: {61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} - (...) -- C:\Windows\System32\Tasks\{61FFE1F9-137D-4c31-A181-3415FCAA5946}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} [646]
~ Scheduled Task: 8 Scanned in 00mn 07s

---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Disable SSL3 - {7D715857-A67C-4C2F-A929-038448584D63} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 10 Scanned in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (MpKsl1ff0858e) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6440825-E28E-4CD7-8CC1-87658AF34151}\MpKsl1ff0858e.sys (.not file.)
O41 - Driver: (MpKslffcf3526) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6440825-E28E-4CD7-8CC1-87658AF34151}\MpKslffcf3526.sys (.not file.)
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
~ Drivers: 38 Scanned in 00mn 00s

---\\ Software installed (O42)
O42 - Logiciel: Advanced ScreenSnapshot 1.0 - (.qiusheng xie.) [HKLM] -- {61FFE1F9-137D-4c31-A181-3415FCAA5946}
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM] -- Baidu PC Faster 5.1.0.0
O42 - Logiciel: HiPlayer1.18.1.104 - (.http://www.hi-player.com.) [HKLM] -- HiPlayer
O42 - Logiciel: KMSpico v9.1.3 - (...) [HKLM] -- KMSpico_is1 =>PUA.KMSpico
O42 - Logiciel: MPC-HC 1.6.6.6500 (32f7082) - (.MPC-HC Team.) [HKLM] -- {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1
O42 - Logiciel: Microsoft Access MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft DCF MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0090-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Excel MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Groove MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00BA-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft InfoPath MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Lync MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-012B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft OneNote MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-00A1-040C-0000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Outlook MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft PowerPoint MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Publisher MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Visio Premium 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.VISIO
O42 - Logiciel: Microsoft Word MUI (French) 2013 - (.Microsoft Corporation.) [HKLM] -- {90150000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM] -- PowerISO
O42 - Logiciel: Tools Update Platform - (.Beijing Zhihuimen Techology co,.Ltd.) [HKLM] -- {6A128791-4857-4484-9BB2-71D4C1257200}
O42 - Logiciel: Update for Skype for Business 2015 (KB2889853) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUS_{AE1BB975-11D1-49A0-82E8-1D26DD62AFE7}
O42 - Logiciel: Update for Skype for Business 2015 (KB3054946) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}
O42 - Logiciel: Update for Skype for Business 2015 (KB3054946) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90150000-012B-040C-0000-0000000FF1CE}_Office15.PROPLUS_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}
O42 - Logiciel: WinRAR 5.00 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WinSetupFromUSB - (...) [HKCU] -- WinSetupFromUSB
~ Logic: 23 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow]
[HKCU\Software\Baidu Security]
[HKCU\Software\Classes]
[HKCU\Software\CoreAAC]
[HKCU\Software\Gabest]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Mine]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\PowerISO]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Sysinternals]
[HKCU\Software\UsbFix]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\ZebHelpProcess Helper]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CloudOpt]
[HKLM\Software\CoreCodec]
[HKLM\Software\DtsEncodeTools]
[HKLM\Software\EVP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hi]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SOSVirus]
[HKLM\Software\ScreenSnapshotTool]
[HKLM\Software\ToolsUpdatePlatform]
[HKLM\Software\WeatherTool]
[HKLM\Software\WinRAR]
~ Key Software: 91 Scanned in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 26/06/2015 - 20:09:25 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 26/06/2015 - 17:52:24 - [] ----D C:\Program Files\Common Files
O43 - CFD: 26/06/2015 - 17:31:05 - [] -SH-D C:\Program Files\Fichiers communs
O43 - CFD: 26/06/2015 - 18:55:32 - [] ----D C:\Program Files\Hi
O43 - CFD: 15/07/2015 - 22:37:19 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 26/06/2015 - 17:58:39 - [] ----D C:\Program Files\KMSpico =>PUA.KMSpico
O43 - CFD: 26/06/2015 - 17:47:45 - [] ----D C:\Program Files\Microsoft Analysis Services
O43 - CFD: 26/06/2015 - 18:55:58 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 26/06/2015 - 17:52:00 - [] ----D C:\Program Files\Microsoft SQL Server
O43 - CFD: 08/07/2015 - 12:27:32 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 09/07/2015 - 15:48:05 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 26/06/2015 - 19:23:21 - [] ----D C:\Program Files\MPC-HC
O43 - CFD: 26/06/2015 - 18:58:56 - [] ----D C:\Program Files\PC Faster
O43 - CFD: 23/07/2015 - 22:47:50 - [] ----D C:\Program Files\PowerISO
O43 - CFD: 10/07/2015 - 00:06:33 - [] ----D C:\Program Files\ScreenSnapshotTool
O43 - CFD: 23/07/2015 - 23:51:38 - [] ----D C:\Program Files\shamela
O43 - CFD: 10/07/2015 - 00:06:43 - [] ----D C:\Program Files\ToolsUpdatePlatform
O43 - CFD: 22/08/2013 - 07:24:44 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 02/07/2015 - 02:40:56 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 02/07/2015 - 02:39:15 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 02/07/2015 - 02:40:26 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 02/07/2015 - 02:40:26 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 02/07/2015 - 02:40:26 - [] ----D C:\Program Files\Windows Multimedia Platform
O43 - CFD: 26/06/2015 - 17:31:05 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 02/07/2015 - 02:40:25 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 02/07/2015 - 02:40:26 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 22/08/2013 - 08:17:26 - [] -SH-D C:\Program Files\Windows Sidebar
O43 - CFD: 14/07/2015 - 23:09:31 - [] --H-D C:\Program Files\WindowsApps
O43 - CFD: 02/07/2015 - 02:39:33 - [] ----D C:\Program Files\WindowsPowerShell
O43 - CFD: 26/06/2015 - 19:06:38 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 24/07/2015 - 09:45:17 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 09/07/2015 - 16:21:49 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 08/07/2015 - 12:27:28 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 22/08/2013 - 08:17:35 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 08/07/2015 - 12:19:44 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/08/2013 - 07:23:42 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 26/06/2015 - 20:09:31 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 26/06/2015 - 20:10:31 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 26/06/2015 - 17:31:05 - [] -SH-D C:\ProgramData\Bureau
O43 - CFD: 22/08/2013 - 07:23:42 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 22/08/2013 - 07:23:42 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 26/06/2015 - 18:57:18 - [] ----D C:\ProgramData\Hi
O43 - CFD: 26/06/2015 - 17:31:05 - [] -SH-D C:\ProgramData\Menu Démarrer
O43 - CFD: 24/07/2015 - 02:31:37 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 19/07/2015 - 11:16:02 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 26/06/2015 - 17:31:05 - [] -SH-D C:\ProgramData\Modèles
O43 - CFD: 26/06/2015 - 19:02:04 - [] ----D C:\ProgramData\PC Faster
O43 - CFD: 02/07/2015 - 02:39:37 - [] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 24/07/2015 - 09:46:21 - [] ----D C:\ProgramData\RogueKiller
O43 - CFD: 22/08/2013 - 07:23:42 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 22/08/2013 - 07:23:42 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 24/07/2015 - 10:02:56 - [] ----D C:\ProgramData\ToolsUpdatePlatform
O43 - CFD: 02/07/2015 - 02:40:46 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 02/07/2015 - 02:40:46 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 02/07/2015 - 02:40:59 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 24/07/2015 - 10:12:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 26/06/2015 - 18:57:07 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiPlayer
O43 - CFD: 26/06/2015 - 17:58:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico
O43 - CFD: 22/08/2013 - 08:17:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 26/06/2015 - 18:58:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
O43 - CFD: 15/07/2015 - 14:44:35 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
O43 - CFD: 26/06/2015 - 19:23:22 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
O43 - CFD: 23/07/2015 - 22:47:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
O43 - CFD: 22/08/2013 - 08:17:27 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
O43 - CFD: 02/07/2015 - 02:40:46 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 30/09/2013 - 03:49:33 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 26/06/2015 - 19:05:58 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 24/07/2015 - 09:45:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
O43 - CFD: 26/06/2015 - 17:32:28 - [] ----D C:\Users\nouiouar\AppData\Roaming\Adobe
O43 - CFD: 26/06/2015 - 20:43:53 - [] ----D C:\Users\nouiouar\AppData\Roaming\Baidu
O43 - CFD: 26/06/2015 - 18:57:34 - [] ----D C:\Users\nouiouar\AppData\Roaming\Baidu Security
O43 - CFD: 02/07/2015 - 10:29:05 - [] ----D C:\Users\nouiouar\AppData\Roaming\Identities
O43 - CFD: 26/06/2015 - 20:37:21 - [] ----D C:\Users\nouiouar\AppData\Roaming\Macromedia
O43 - CFD: 26/06/2015 - 19:24:38 - [] ----D C:\Users\nouiouar\AppData\Roaming\Media Player Classic
O43 - CFD: 24/07/2015 - 02:31:29 - [] -S--D C:\Users\nouiouar\AppData\Roaming\Microsoft
O43 - CFD: 26/06/2015 - 19:00:35 - [] ----D C:\Users\nouiouar\AppData\Roaming\PC Faster
O43 - CFD: 23/07/2015 - 22:48:33 - [] ----D C:\Users\nouiouar\AppData\Roaming\PowerISO
O43 - CFD: 10/07/2015 - 00:06:42 - [] ----D C:\Users\nouiouar\AppData\Roaming\ScreenSnapshotTool
O43 - CFD: 23/07/2015 - 22:01:15 - [] ----D C:\Users\nouiouar\AppData\Roaming\WinRAR
O43 - CFD: 24/07/2015 - 10:29:59 - [] ----D C:\Users\nouiouar\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 26/06/2015 - 17:32:15 - [] -SH-D C:\Users\nouiouar\AppData\Local\Application Data
O43 - CFD: 26/06/2015 - 20:46:37 - [] ----D C:\Users\nouiouar\AppData\Local\Diagnostics
O43 - CFD: 05/07/2015 - 01:50:33 - [] ----D C:\Users\nouiouar\AppData\Local\ElevatedDiagnostics
O43 - CFD: 26/06/2015 - 17:32:15 - [] -SH-D C:\Users\nouiouar\AppData\Local\Historique
O43 - CFD: 24/07/2015 - 02:31:36 - [] ----D C:\Users\nouiouar\AppData\Local\Microsoft
O43 - CFD: 26/06/2015 - 17:47:39 - [0] ----D C:\Users\nouiouar\AppData\Local\Microsoft Help
O43 - CFD: 26/06/2015 - 17:33:47 - [] ----D C:\Users\nouiouar\AppData\Local\Packages
O43 - CFD: 26/06/2015 - 17:57:25 - [] ----D C:\Users\nouiouar\AppData\Local\Programs
O43 - CFD: 24/07/2015 - 10:28:27 - [] ----D C:\Users\nouiouar\AppData\Local\Temp
O43 - CFD: 26/06/2015 - 17:32:15 - [] -SH-D C:\Users\nouiouar\AppData\Local\Temporary Internet Files
O43 - CFD: 23/07/2015 - 16:12:37 - [] ----D C:\Users\nouiouar\AppData\Local\VirtualStore
O43 - CFD: 22/08/2013 - 08:17:27 - [] R---D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 22/08/2013 - 08:17:27 - [] R---D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16/07/2015 - 00:57:16 - [] R---D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 26/06/2015 - 19:00:55 - [] ----D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 22/08/2013 - 08:17:27 - [] ----D
C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 16/07/2015 - 00:57:16 - [] R---D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 22/08/2013 - 08:17:27 - [] R---D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools O43 - CFD: 26/06/2015 - 19:05:58 - [] ----D C:\Users\nouiouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ~ Program Folder: 99 Scanned in 00mn 00s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.2F3B77569241883F1B0FD7821A1EFB60] - 09/07/2015 - 15:31:37 ---A- . (.Microsoft Corporation - Expérience utilisateur du client Windows Up.) -- C:\Windows\System32\wucltux.dll [2163200] O44 - LFC:[MD5.00AFDE50445AE39F2B6DE0FAC937D7DF] - 09/07/2015 - 15:34:40 ---A- . (.Microsoft Corporation - API du client Windows Update.) -- C:\Windows\System32\wuapi.dll [721920] O44 - LFC:[MD5.DE3A47073AE1D0554C6BC8209EAA61D6] - 09/07/2015 - 15:35:19 ---A- . (.Microsoft Corporation - Windows Update WUDriver Stub.) -- C:\Windows\System32\wudriver.dll [81920] O44 - LFC:[MD5.9D0E38EB647C88D55869EB9B173AAFF3] - 09/07/2015 - 15:35:33 ---A- . (.Microsoft Corporation - Windows Update Modern WuApp.) -- C:\Windows\System32\WUSettingsProvider.dll [334336] O44 - LFC:[MD5.73C97B94FDCA957A2BEF94EEF66B9D82] - 09/07/2015 - 15:37:44 ---A- . (.Microsoft Corporation - Windows Update Vista Web Control.) -- C:\Windows\System32\wuwebv.dll [124928] O44 - LFC:[MD5.9F8E5FF86AD54E60537158E30230A4FD] - 09/07/2015 - 15:38:21 ---A- . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\System32\wuapp.exe [29696] O44 - LFC:[MD5.18C0283595B3082D6ADD3F0863258FF8] - 09/07/2015 - 15:39:51 ---A- . (.Microsoft Corporation - Agent de mise à jour automatique Windows Up.) -- C:\Windows\System32\wuaueng.dll [3062784] O44 - LFC:[MD5.1363812D50F19B484B6C42F64D2ACA2E] - 09/07/2015 - 16:26:48 ---A- . (...) 
-- C:\Windows\vbaddin.ini [39] O44 - LFC:[MD5.CD3BFFB7B15A95E49C07AC19FABE3F28] - 09/07/2015 - 18:05:05 ---A- . (.Microsoft Corporation - Windows Update.) -- C:\Windows\System32\wuauclt.exe [128568] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/07/2015 - 19:36:18 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.2D37586F7FC15B86FFCEE3DB5A932538] - 13/07/2015 - 21:10:13 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [792568] O44 - LFC:[MD5.FF1F8C8A8272121420E23E05815A346A] - 13/07/2015 - 21:10:13 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [178168] O44 - LFC:[MD5.48814EF371C4C7A5AE6DAAEA63E6F614] - 14/07/2015 - 14:14:02 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [35840] O44 - LFC:[MD5.EFAEF87C3500B146CBD620EDD815B75D] - 14/07/2015 - 14:14:06 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [301056] O44 - LFC:[MD5.E5DDB8D6AF261A73BB4E127F3F3C15C3] - 15/07/2015 - 13:41:41 ---A- . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\audiosrv.dll [694272] O44 - LFC:[MD5.798ECCEB169C290378D98D79816EC3E4] - 15/07/2015 - 13:41:49 ---A- . (.Microsoft Corporation - Générateur de points de terminaison du serv.) -- C:\Windows\System32\AudioEndpointBuilder.dll [193536] O44 - LFC:[MD5.1F6FF782DCFAF4CBBD3D9DB3CAB63B6A] - 15/07/2015 - 13:42:04 ---A- . (.Microsoft Corporation - Pilote de miniport Bluetooth pour les périp.) -- C:\Windows\System32\Drivers\hidbth.sys [83456] O44 - LFC:[MD5.2BCF45C6D36801C93805FFE50AC5D76E] - 15/07/2015 - 13:42:06 ---A- . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [190464] O44 - LFC:[MD5.5AD9023A049EF049EAD7EEE8CCA8C1FF] - 15/07/2015 - 13:42:11 ---A- . (.Microsoft Corporation - DLL serveur LSA.) 
-- C:\Windows\System32\lsasrv.dll [1117696] O44 - LFC:[MD5.55CAC5AC2BDC8AB79BF30A7555189405] - 15/07/2015 - 13:42:12 ---A- . (.Microsoft Corporation - Kernel Security Support Provider Interface.) -- C:\Windows\System32\Drivers\ksecpkg.sys [147800] O44 - LFC:[MD5.7C25AC0150ADD25121170A3EC8DFC147] - 15/07/2015 - 13:42:13 ---A- . (.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) -- C:\Windows\System32\Drivers\mrxsmb10.sys [229376] O44 - LFC:[MD5.780F3D4149BB3F98F1B5C97C74CCA527] - 15/07/2015 - 13:42:13 ---A- . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll [332120] O44 - LFC:[MD5.80E4E92B84A45ED2218323201FA518EF] - 15/07/2015 - 13:42:14 ---A- . (.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) -- C:\Windows\System32\Drivers\mrxsmb20.sys [154112] O44 - LFC:[MD5.49EDA7967848465645E2D809384D0EBA] - 15/07/2015 - 13:42:14 ---A- . (.Microsoft Corporation - Minirdr SMB Windows NT.) -- C:\Windows\System32\Drivers\mrxsmb.sys [328704] O44 - LFC:[MD5.51A403F76D38BBA81E52AACB4CF858A1] - 15/07/2015 - 13:42:15 ---A- . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll [802816] O44 - LFC:[MD5.3A5877A097F43012EB55A7F4C0DB16E4] - 15/07/2015 - 13:42:15 ---A- . (.Microsoft Corporation - Runtime d’appel de procédure distante.) -- C:\Windows\System32\rpcrt4.dll [851704] O44 - LFC:[MD5.052FBC5525FA2975FC08EBD130BC0209] - 15/07/2015 - 13:42:19 ---A- . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe [59904] O44 - LFC:[MD5.C68E1EC5B40FA3BAEF5088F15A687BA3] - 15/07/2015 - 13:42:19 ---A- . (.Microsoft Corporation - Windows Installer.) -- C:\Windows\System32\msi.dll [3607552] O44 - LFC:[MD5.FFFFA05A3C67F715D91978351F84D254] - 15/07/2015 - 13:42:21 ---A- . (.Microsoft Corporation - Interface utilisateur d’authentification Wi.) -- C:\Windows\System32\authui.dll [2460160] O44 - LFC:[MD5.93284B150FCE0666A3645F2B2C98A3A6] - 15/07/2015 - 13:42:23 ---A- . 
(.Microsoft Corporation - GDI Client DLL.) -- C:\Windows\System32\gdi32.dll [1132640] O44 - LFC:[MD5.E5D612288806D913E5F28D958152010D] - 15/07/2015 - 13:45:41 ---A- . (.Microsoft Corporation - Remote NDIS USB Driver.) -- C:\Windows\System32\Drivers\usb8023.sys [15360] O44 - LFC:[MD5.AA8175D71F6936A4E7C6B575A79ED6F8] - 15/07/2015 - 13:47:01 ---A- . (.Microsoft Corporation - Service Broker pour les événements système.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [207360] O44 - LFC:[MD5.910003CCC721F96A7C7017D53A3AB4A6] - 15/07/2015 - 13:47:03 ---A- . (.Microsoft Corporation - PDF WinRT APIs.) -- C:\Windows\System32\Windows.Data.Pdf.dll [5264384] O44 - LFC:[MD5.0547AC2CA333162E928351B1DF3144F3] - 15/07/2015 - 13:47:04 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [410739] O44 - LFC:[MD5.2BC0B2D0D19A65FF74E27BC9C6BEC393] - 15/07/2015 - 13:47:05 ---A- . (.Microsoft Corporation - Service d’infrastructure de localisation Wi.) -- C:\Windows\System32\GeofenceMonitorService.dll [367104] O44 - LFC:[MD5.00E077C85F64897F5A4B093DD45CDE93] - 15/07/2015 - 13:47:08 ---A- . (.Microsoft Corporation - ExplorerFrame.) -- C:\Windows\System32\ExplorerFrame.dll [2706432] O44 - LFC:[MD5.F07E7EF7DC9FF275853A164AC02AA006] - 15/07/2015 - 13:47:09 ---A- . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll [19734960] O44 - LFC:[MD5.FC95786AA45FEB81F4330A384E85EA96] - 15/07/2015 - 13:47:13 ---A- . (.Microsoft Corporation - Pilote de filtre souris HID.) -- C:\Windows\System32\Drivers\mouhid.sys [22528] O44 - LFC:[MD5.4961FAE2D65C25098DB9B6CDD950A2B0] - 15/07/2015 - 13:47:13 ---A- . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys [19968] O44 - LFC:[MD5.8EB53567EB006D50146C2748AEBB01F6] - 15/07/2015 - 13:47:14 ---A- . (.Microsoft Corporation - Pilote de filtre clavier HID.) 
-- C:\Windows\System32\Drivers\kbdhid.sys [23552] O44 - LFC:[MD5.616877586D4E3351D135C9ABBCD2DB9A] - 15/07/2015 - 13:47:14 ---A- . (.Microsoft Corporation - Pilote de la classe Clavier.) -- C:\Windows\System32\Drivers\kbdclass.sys [45888] O44 - LFC:[MD5.0F5D7D7ED440859CABE967027F74B769] - 15/07/2015 - 13:47:14 ---A- . (.Microsoft Corporation - Pilote de la classe Souris.) -- C:\Windows\System32\Drivers\mouclass.sys [41792] O44 - LFC:[MD5.7A708934CC652100A94944EC808C3916] - 15/07/2015 - 13:47:14 ---A- . (.Microsoft Corporation - Pilote de port i8042.) -- C:\Windows\System32\Drivers\i8042prt.sys [83456] O44 - LFC:[MD5.00DDCA458B06F9FDBD94B0245011D108] - 15/07/2015 - 13:47:21 ---A- . (.Microsoft Corporation - Contrôle d’édition de texte enrichi, v7.5.) -- C:\Windows\System32\msftedit.dll [2471424] O44 - LFC:[MD5.7F99D7C779056615EA4F110AB11D0BE5] - 15/07/2015 - 13:47:22 ---A- . (.Microsoft Corporation - Microsoft OLE pour Windows.) -- C:\Windows\System32\ole32.dll [1212248] O44 - LFC:[MD5.C9C47A696BFB186CE23E7AD9421520F6] - 15/07/2015 - 13:47:39 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript.dll [664064] O44 - LFC:[MD5.52C0648A543920034213337C2BC3E7F7] - 15/07/2015 - 13:47:40 ---A- . (.Microsoft Corporation - Objets homologues Internet Explorer.) -- C:\Windows\System32\iepeers.dll [128000] O44 - LFC:[MD5.6D7282F5A10E4A99F990FC19C6DF8010] - 15/07/2015 - 13:47:41 ---A- . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll [230400] O44 - LFC:[MD5.1E89000637EC1481143FAED744BB3BA1] - 15/07/2015 - 13:47:41 ---A- . (.Microsoft Corporation - Microsoft® HTML Editing Component.) -- C:\Windows\System32\mshtmled.dll [76288] O44 - LFC:[MD5.E521E979CD0E965A98B62DD97179455B] - 15/07/2015 - 13:47:41 ---A- . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll [327168] O44 - LFC:[MD5.BC8215B25C42E741A80BC4B264427070] - 15/07/2015 - 13:47:42 ---A- . 
(.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll [880128] O44 - LFC:[MD5.7D28B19A2238BBC853A10134C1D6F8EB] - 15/07/2015 - 13:47:42 ---A- . (.Microsoft Corporation - Panneau de configuration Internet.) -- C:\Windows\System32\inetcpl.cpl [2052608] O44 - LFC:[MD5.56F69242999ADD150DDBE8F20B27873D] - 15/07/2015 - 13:47:43 ---A- . (.Microsoft Corporation - DLL de gestion d'utilisateur local et de co.) -- C:\Windows\System32\msrating.dll [168960] O44 - LFC:[MD5.D8BF6D6A53F01F994FD1E418214A6A3F] - 15/07/2015 - 13:47:44 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [689152] O44 - LFC:[MD5.23EFF186B887412CC057F49091D6AFCC] - 15/07/2015 - 13:47:44 ---A- . (.Microsoft Corporation - Moteur de l’interface utilisateur d’Interne.) -- C:\Windows\System32\ieui.dll [478208] O44 - LFC:[MD5.FBAB9BC4D37919C1FF3ABC8EF7B6519A] - 15/07/2015 - 13:47:44 ---A- . (.Microsoft Corporation - TDC ActiveX Control.) -- C:\Windows\System32\tdc.ocx [73216] O44 - LFC:[MD5.6163462E9F2F2252C1923F00B0156324] - 15/07/2015 - 13:47:45 ---A- . (.Microsoft Corporation - DAC for Trident DOM.) -- C:\Windows\System32\MshtmlDac.dll [64000] O44 - LFC:[MD5.77A44634B72E71572EDBBA68CF3396EF] - 15/07/2015 - 13:47:45 ---A- . (.Microsoft Corporation - Microsoft SmartScreen Filter.) -- C:\Windows\System32\ieapfltr.dll [710144] O44 - LFC:[MD5.100C1CE9CD6B071C257CF01BC8862FC2] - 15/07/2015 - 13:47:46 ---A- . (.Microsoft Corporation - ActiveX Interface Marshaling Library.) -- C:\Windows\System32\actxprxy.dll [1048576] O44 - LFC:[MD5.A4CDF35747C0023EAA346A602398B21A] - 15/07/2015 - 13:47:46 ---A- . (.Microsoft Corporation - Microsoft ® VBScript.) -- C:\Windows\System32\vbscript.dll [504320] O44 - LFC:[MD5.E2B8238F0A0D1ADBA3AE4A6D6F0EC756] - 15/07/2015 - 13:47:47 ---A- . (.Microsoft Corporation - Extensions Internet pour Win32.) 
-- C:\Windows\System32\wininet.dll [1951232] O44 - LFC:[MD5.05CA106A1B68770BDABB9AA7AEAE516A] - 15/07/2015 - 13:48:02 ---A- . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll [1310720] O44 - LFC:[MD5.8EDF7B6D3A563DAA06DD87053C734168] - 15/07/2015 - 13:48:02 ---A- . (.Microsoft Corporation - Utilitaire à l’exécution pour Internet Expl.) -- C:\Windows\System32\iertutil.dll [2279424] O44 - LFC:[MD5.AFAEB9E4269846C64DC9721B1BFA5CEC] - 15/07/2015 - 13:48:05 ---A- . (.Microsoft Corporation - Navigateur Internet.) -- C:\Windows\System32\ieframe.dll [12855296] O44 - LFC:[MD5.116F506573B59B85CD0DC18527E9951A] - 15/07/2015 - 13:48:32 ---A- . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll [19877376] O44 - LFC:[MD5.BE2E7F60FE2D64346530A31E60F41505] - 15/07/2015 - 13:48:36 ---A- . (.Microsoft Corporation - Microsoft (R) JScript.) -- C:\Windows\System32\jscript9.dll [4520448] O44 - LFC:[MD5.CAE173731AC6BB5BA52EDAC928D75481] - 15/07/2015 - 13:48:38 ---A- . (.Microsoft Corporation - DLL d’affichage Wi-Fi.) -- C:\Windows\System32\WiFiDisplay.dll [107008] O44 - LFC:[MD5.384D3D731A4C1C04D36EC55E39F862E4] - 15/07/2015 - 13:49:11 ---A- . (.Microsoft Corporation - Windows Update client proxy stub 2.) -- C:\Windows\System32\wups2.dll [23552] O44 - LFC:[MD5.6125B69B76160B3B7D07653EE8034272] - 15/07/2015 - 13:49:11 ---A- . (.Microsoft Corporation - Windows Update client proxy stub.) -- C:\Windows\System32\wups.dll [27136] O44 - LFC:[MD5.D501CA6E0B28A9DE62171347E05725AB] - 15/07/2015 - 13:49:12 ---A- . (.Microsoft Corporation - Windows Setup UI.) -- C:\Windows\System32\WinSetupUI.dll [239104] O44 - LFC:[MD5.5D3EADE2F3C9F79F8ED40E724CBBB5EC] - 15/07/2015 - 13:49:28 ---A- . (.Microsoft Corporation - DLL WSShared.) -- C:\Windows\System32\WSShared.dll [811008] O44 - LFC:[MD5.6FB4F266A7834A26D3AEE5673F101177] - 15/07/2015 - 13:49:28 ---A- . 
(.Microsoft Corporation - DLL d’exécution de l’infrastructure de test.) -- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll [210944] O44 - LFC:[MD5.78D44A5E60FFCC464F4A38897C332755] - 15/07/2015 - 13:49:30 ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [3531776] O44 - LFC:[MD5.4321AD4636F0E8E11A7B06B346D44AF0] - 15/07/2015 - 13:49:32 ---A- . (...) -- C:\Windows\System32\locale.nls [513480] O44 - LFC:[MD5.D6952DF610631A84A61F872FC1856A85] - 15/07/2015 - 13:49:34 ---A- . (.Microsoft Corporation - Program Compatibility Data Updater.) -- C:\Windows\System32\aepdu.dll [202752] O44 - LFC:[MD5.5AE62FBA67DD96252958CF397CC36340] - 15/07/2015 - 13:49:35 ---A- . (.Microsoft Corporation - Compatibility Upgrade Migration Host.) -- C:\Windows\System32\acmigration.dll [58880] O44 - LFC:[MD5.620DC407CDD38240CEF9844F1F40B3F4] - 15/07/2015 - 13:49:35 ---A- . (.Microsoft Corporation - Device Inventory Library.) -- C:\Windows\System32\devinv.dll [341504] O44 - LFC:[MD5.6AF2B31E16F71F65975CF30E8B028829] - 15/07/2015 - 13:49:36 ---A- . (.Microsoft Corporation - Application Experience Program Inventory Co.) -- C:\Windows\System32\aeinv.dll [932864] O44 - LFC:[MD5.813C5125E1431BA471326F0C872E12A3] - 15/07/2015 - 13:49:36 ---A- . (.Microsoft Corporation - Compatibility Appraiser.) -- C:\Windows\System32\appraiser.dll [923648] O44 - LFC:[MD5.EF8E3F5AE0606CCDA3C8448DB3F7244B] - 15/07/2015 - 13:49:36 ---A- . (.Microsoft Corporation - General Telemetry.) -- C:\Windows\System32\generaltel.dll [587264] O44 - LFC:[MD5.75F3C6D88D863B26F4BAD5852794CE78] - 15/07/2015 - 13:49:36 ---A- . (.Microsoft Corporation - Inventory Agent.) -- C:\Windows\System32\invagent.dll [628224] O44 - LFC:[MD5.BCD887444DCF7A270286974B83AD1926] - 15/07/2015 - 13:49:36 ---A- . (.Microsoft Corporation - Microsoft Compatibility Telemetry.) 
-- C:\Windows\System32\CompatTelRunner.exe [24240] O44 - LFC:[MD5.06DC70D38EE5AD4037A74986F61DED9B] - 15/07/2015 - 13:49:39 ---A- . (.Microsoft Corporation - Panneau de configuration de l’historique de.) -- C:\Windows\System32\fhcpl.dll [308736] O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 15/07/2015 - 14:40:39 ---A- . (...) -- C:\Windows\win.ini [167] O44 - LFC:[MD5.8067740CAABD5F03EC4B8AB7B7868883] - 23/07/2015 - 22:20:44 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1734474] O44 - LFC:[MD5.1DE21B06DDB225AF1C1FAD68675FCB2C] - 23/07/2015 - 22:20:44 ---A- . (...) -- C:\Windows\System32\perfc009.dat [127614] O44 - LFC:[MD5.6B98E22CF54FA867796B0D7377515C4B] - 23/07/2015 - 22:20:44 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [150868] O44 - LFC:[MD5.10ECE4F8E0B59056710F01785520B17E] - 23/07/2015 - 22:20:44 ---A- . (...) -- C:\Windows\System32\perfh009.dat [686982] O44 - LFC:[MD5.C6DD14D956DF603E97617BB497DE3FE3] - 23/07/2015 - 22:20:44 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [764776] O44 - LFC:[MD5.51FD3FF613C98EAB3F6A12A1D9062981] - 24/07/2015 - 02:28:33 ---A- . (...) -- C:\Windows\PFRO.log [576] O44 - LFC:[MD5.09980C29935F3FBFD2FE635277D85A81] - 24/07/2015 - 02:28:39 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [2285664] O44 - LFC:[MD5.FD44FA80DA03EA144153A76DEBBB61B4] - 24/07/2015 - 09:46:24 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35064] O44 - LFC:[MD5.A8793ECE9B45089B8CC3F713AB945594] - 24/07/2015 - 10:02:00 ---A- . (...) -- C:\Windows\setupact.log [16290] O44 - LFC:[MD5.22ED0131D964344523A369FF08D13B49] - 24/07/2015 - 10:03:56 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.CA73D1D9FCFA8DA2E5F3BA8E20DD81DF] - 24/07/2015 - 10:20:18 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1228087] ~ Files: 96 Scanned in 00mn 15s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) 
-- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
~ LSA: 3 Scanned in 00mn 00s

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iaioi2c.sys . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaioi2c.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 18 Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 1 Scanned in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:22/08/2013 - 05:33:26 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.)
-- C:\Windows\System32\Drivers\3ware.sys [86368] O58 - SDL:22/08/2013 - 05:33:25 ---A- . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) -- C:\Windows\System32\Drivers\adp80xx.sys [773472] O58 - SDL:22/08/2013 - 05:33:25 ---A- . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [72544] O58 - SDL:22/08/2013 - 05:33:26 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [215392] O58 - SDL:22/08/2013 - 05:33:24 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22880] O58 - SDL:22/08/2013 - 05:33:26 ---A- . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [101728] O58 - SDL:12/08/2013 - 23:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088] O58 - SDL:04/06/2013 - 10:42:04 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [132520] O58 - SDL:04/06/2013 - 10:42:04 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [17320] O58 - SDL:18/06/2013 - 12:21:30 ---A- . (.Intel Corporation - Intel(R) Gigabit Adapter NDIS 6.x driver.) -- C:\Windows\System32\Drivers\e1i6332.sys [379904] O58 - SDL:22/08/2013 - 05:33:29 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [56672] O58 - SDL:23/07/2013 - 21:18:30 ---A- . (.Intel Corporation - Intel(R) Atom(TM) Processor GPIO Controller Driver.) -- C:\Windows\System32\Drivers\iaiogpio.sys [22016] O58 - SDL:23/07/2013 - 21:18:30 ---A- . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaioi2c.sys [61936] O58 - SDL:10/08/2013 - 00:39:44 ---A- . 
(.Intel Corporation - Intel Rapid Storage Technology driver (inbox) - x86.) -- C:\Windows\System32\Drivers\iaStorAV.sys [524784]
O58 - SDL:22/08/2013 - 05:33:29 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [333664]
O58 - SDL:23/03/2012 - 18:09:38 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [9036288]
O58 - SDL:22/08/2013 - 05:33:29 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [94048]
O58 - SDL:22/08/2013 - 05:33:30 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [79712]
O58 - SDL:22/08/2013 - 05:33:30 ---A- . (.LSI Corporation - LSI SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3.sys [68960]
O58 - SDL:22/08/2013 - 05:33:29 ---A- . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sss.sys [69472]
O58 - SDL:22/08/2013 - 05:33:30 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [51552]
O58 - SDL:22/08/2013 - 05:33:29 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\megasr.sys [464736]
O58 - SDL:22/08/2013 - 05:33:32 ---A- . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\Windows\System32\Drivers\mvumis.sys [58208]
O58 - SDL:18/06/2013 - 18:30:37 ---A- . (.Ralink Technology Corp. - Ralink 802.11n Wireless Adapter Driver.) -- C:\Windows\System32\Drivers\netr28u.sys [1696528]
O58 - SDL:22/08/2013 - 05:33:32 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [120160]
O58 - SDL:22/08/2013 - 05:33:33 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [141664]
O58 - SDL:27/06/2014 - 06:59:18 ---A- . (.Power Software Ltd - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [116320]
O58 - SDL:22/08/2013 - 08:16:47 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:22/08/2013 - 05:32:56 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [41312]
O58 - SDL:22/08/2013 - 05:32:57 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [79200]
O58 - SDL:22/08/2013 - 05:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:24/07/2015 - 09:46:24 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [35064]
O58 - SDL:22/08/2013 - 05:33:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [18272]
O58 - SDL:22/08/2013 - 05:33:01 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\System32\Drivers\vsmraid.sys [148832]
O58 - SDL:22/08/2013 - 05:33:01 ---A- . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\Windows\System32\Drivers\VSTXRAID.SYS [276832]
~ Drivers: 35 Scanned in 00mn 04s

---\\ Last modified or created user files (O61)
O61 - LFC: 22/07/2015 - 10:30:29 ---A- . (...) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.B2e1870ee#\79a4d3b2370ac09dba983b28494cef17\Microsoft.Bing.AppEx.Telemetry.ni.dll [1500672]
O61 - LFC: 22/07/2015 - 10:30:29 ---A- . (...) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.PerfTrack\2a1f795aceb026901e8290d2319fe53a\Microsoft.PerfTrack.ni.dll [18944]
O61 - LFC: 22/07/2015 - 10:30:29 ---A- . (.Microsoft.) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\FoodAndDrinkRoaming\397ca8efa0e5e327faaa19882685646a\FoodAndDrinkRoaming.ni.dll [384000]
O61 - LFC: 22/07/2015 - 10:30:29 ---A- . (.Newtonsoft.) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Newtonsoft.Json\24f37be743994be85b92e632b54095b3\Newtonsoft.Json.ni.dll [1843200]
O61 - LFC: 22/07/2015 - 10:30:30 ---A- . (...) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\SqliteWrapper\3fb856e3a643766e2c18e51097dea7b7\SqliteWrapper.ni.dll [72704]
O61 - LFC: 22/07/2015 - 10:30:30 ---A- . (.Microsoft.) -- C:\Users\nouiouar\AppData\Local\Packages\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Platform\45408e693a6e265f2ca2706ea8e693a2\Platform.ni.dll [4458496]
O61 - LFC: 24/07/2015 - 10:30:28 ---A- . (...) -- C:\Users\nouiouar\AppData\Local\Microsoft\Windows\INetCache\IE\HQ5WIMTA\RogueKiller.exe [18705480]
O61 - LFC: 24/07/2015 - 10:30:28 ---A- . (...) -- C:\Users\nouiouar\AppData\Local\Microsoft\Windows\INetCache\IE\HQ5WIMTA\urlblockindex[1].bin [16]
O61 - LFC: 24/07/2015 - 10:30:28 ---A- . (.Nicolas Coolman.) -- C:\Users\nouiouar\AppData\Local\Microsoft\Windows\INetCache\IE\DH9EDCID\ZHPDiag2.exe [6880102] =>.Nicolas Coolman
O61 - LFC: 24/07/2015 - 10:30:36 ---A- . (.El Desaparecido - SosVirus.net - UsbFix.net.) -- C:\Users\nouiouar\Downloads\UsbFix_2015_7.999_91.exe [3224416]
~ 21 Fichiers temporaires (Temporary files)
~ Files: 10 Scanned in 00mn 11s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 10 Scanned in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [161792]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [126976]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [126976]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [250368]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [1212928]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [733696]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [822784]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [24064]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [89600]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [115712]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [93696]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1015808]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [185856]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [74752]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [108032]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [190464]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [296448]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [64512]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [75264]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [41984]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1245184]
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Service d’infrastructure de localisation Windows.) -- C:\Windows\System32\GeofenceMonitorService.dll [367104]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [297984]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [167424]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [142848]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [95232]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [461824]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [183296]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [58368]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [390144]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [254464]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [3062784]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [734208]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [576512]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [155648]
O83 - Search Svchost Services: MsKeyboardFilter (MsKeyboardFilter) . (.Microsoft Corporation - SvcHost Service for Microsoft Keyboard Filter.) -- C:\Windows\System32\KeyboardFilterSvc.dll [76096]
~ Services: 36 Scanned in 00mn 01s

---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Scanned in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/12/2013 1050904 | (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico
SR - | Auto 17/12/2014 208928 | (BASSVC) . (.Baidu, Inc..) - C:\Program Files\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe
SR - | Auto 07/05/2015 1714448 | (PCFasterSvc_{PCFaster_5.1.0.0}) . (.Baidu, Inc..) - C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
SR - | Auto 15/06/2015 143520 | (TheScreenSnapshotService) . (...) - C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe
SR - | Auto 03/02/2015 22200 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 29/10/2014 33088 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Scanned in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by nouiouar at 24/07/2015 10:31:23
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUA.KMSpico^
[HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUA.KMSpico
C:\Program Files\KMSpico =>PUA.KMSpico^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico^
C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico^
~ Additionnel Scan: 206802 Items scanned in 00mn 39s

---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 3 Scanned in 00mn 00s

---\\ Summary of the detections found on your workstation
http://nicolascoolman.fr/pup-kmspico =>PUA.KMSpico
~ MSI: 1 link(s) detected in 00mn 00s

End of the scan (874 lines in 02mn 34s)(0.10)