~ Rapport de ZHPDiag v2014.5.1.49 - Nicolas Coolman (01/05/2014)
~ Lancé par francois (02/05/2014 17:49:51)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.131
OBIE: Safari v5.34.55.3

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1474.0
McAfee Security Scan Plus v3.8.141.11
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.54
Sophos Anti-Rootkit 1.5.4 v1.5.4
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.13

---\\ Logiciels de partage PeerToPeer
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6143 MB (67% free)
System Restore: Désactivé (Disabled)
System drive C: has 514 GB (62%) free of 820 GB

---\\ Mode de connexion au système
~ Computer Name: FRANCOIS-PC
~ User Name: francois
~ All Users Names: HomeGroupUser$, francois, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\francois\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\francois\AppData\Roaming\
~ %Desktop% : C:\Users\francois\Desktop\
~ %Favorites% : C:\Users\francois\Favorites\
~ %LocalAppData% : C:\Users\francois\AppData\Local\
~ %StartMenu% : C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 514 Go of 820 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: CD-ROM drive (Free 0 Go of 8 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: Hard drive, Flash drive, Thumb drive (Free 5 Go of 98 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/111
~ Mes musiques (My Musics) : 1/332
~ Mes Videos (My Videos) : 1/55
~ Mes Favoris (My Favorites) : 1/291
~ Mes Documents (My Documents) : 1/1759
~ Mon Bureau (My Desktop) : 2/1889
~ Menu demarrer (Programs) : 1/93
~ Hidden Files: Scanned in 00mn 03s

---\\ Processus lancés
[MD5.30426544CDDC55B8B71DEB556722ECE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.2340]
[MD5.536EFCE2544EBFD209EDED39CAA3901A] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.2352]
[MD5.AB329CA377E47901DDD0502507B474D8] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.3812]
[MD5.25168861540EA6F3BAB5BF3059EC4BC6] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.4056]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.3352]
[MD5.4BB64C52326B2043B36FBBED40C925B2] - (.ACD Systems - acdID InTouch2.) -- C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984] [PID.3848]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2132]
[MD5.C1DB9BDF885C2F1ADC15264FBEA2788F] - (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961] [PID.3112]
[MD5.1C10F303117EC9139C3B8618A45EB33A] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe [582976] [PID.3980]
[MD5.8FC1CB51C7460DC994CA71CDD90F7F43] - (...) -- C:\Program Files (x86)\La Chaîne Météo\La Chaîne Météo.exe [142336] [PID.4176]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.2136]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6392]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3468]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.6744]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.6408]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1300]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1864]
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.2516]
[MD5.E1095A89EB4BFCA2AB2F4E1F2BA56612] - (.Logitech Inc. - Logitech LVPrS64H Module..) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe [125464] [PID.2532]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2656]
[MD5.D827A50CEC8A16180EEC4F1951B7A842] - (.TeamViewer GmbH - TeamViewer Service.) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [172328] [PID.2812]
[MD5.A72345F9209C45232FCC380EB85DCEFC] - (.Pas de propriétaire - ToolManager.) -- C:\Program Files (x86)\ToolManager\ToolManager.exe [43024] [PID.2856]
[MD5.EFC34FE5F152999EA081192D9047D1C9] - (.TeamViewer GmbH - TeamViewer.) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe [5150504] [PID.2908]
[MD5.C71EE856C4F5B52E2D094F494CEE4936] - (.Pas de propriétaire - WlanSvc Application.) -- C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936] [PID.1348]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2312]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast v.14.402.0.5, (Activé)
G2 - GCE: Preference [User Data\Default] [cmgefjleafcfcabcmkommgcmkbcojbik] Nouvel Onglet v.2.1 (Activé) =>Adware.SearchYa
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 18165

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [francois]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 04s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Arovax AntiSpyware] . (.Arovax - Arovax AntiSpyware.) -- C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [ACSW17EN] . (.ACD Systems - acdID InTouch2.) -- C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [HOSTS Anti-Adware_PUPs] . (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [Arovax AntiSpyware] . (.Arovax - Arovax AntiSpyware.) -- C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer le texte sélectionné par sms - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer par sms - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer un mail - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: orange.fr - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: rechercher le texte sélectionné - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: traduire la page - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: traduire le texte sélectionné - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
~ IE Menu Contextuel: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Switch Off (Switch Off) . (...) - C:\Program Files (x86)\Switch Off\swoff.exe (.not file.)
O23 - Service: Tool Manager service (ToolManagerService) . (.Pas de propriétaire - ToolManager.) - C:\Program Files (x86)\ToolManager\ToolManager.exe
~ Services: 17 Legitimates Filtered in 00mn 05s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-codedownloader] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-codedownloader.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-enabler] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-enabler.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-updater] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-updater.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [{029F327B-3779-49AD-9A05-BB487BFFC58D}] (...) -- C:\Users\francois\Desktop\SurveillanceSaver_Alpha_3_Win32_Src\SurveillanceSaver_Src\Installer\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{280D6F6E-C759-4888-A04C-DB358C87B174}] (...) -- E:\Onglet1\Far Cry\DirectX9\dxsetup.exe (.not file.) [0]
[MD5.E8E5FA2F4F77BFAC9C647BB1B5F62B64] [APT] [{4592C29B-F5B5-429D-AB1E-7EFC0B61DFAD}] (...) -- C:\JEUX\runaway\Video card setup.exe [45056]
[MD5.DC11353C9AA40A73CCF36C968E1D2104] [APT] [{6ADCC4AA-288D-4599-89A7-A751141DE406}] (.ALLPlayer.) -- C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe [5199360]
[MD5.00000000000000000000000000000000] [APT] [{83395E20-021A-4D3D-9445-EC0A04F6DEDF}] (...) -- C:\JEUX\CODUTY\steam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4809511-6A1C-4DAB-8FCB-B2937E09EFF2}] (...) -- C:\Program Files (x86)\Switch Off\uninstall.exe (.not file.) [0]
[MD5.6BC44F764CF8E5AD20AE21FE430F4BE3] [APT] [{B462BD59-9BD3-4435-A2AA-A1051124B021}] (...) -- C:\Users\francois\Downloads\avgarkt-setup-1.1.0.42.exe [423736]
[MD5.DC11353C9AA40A73CCF36C968E1D2104] [APT] [{E83A8950-E601-4D0E-B37A-B7BB8B0391A3}] (.ALLPlayer.) -- C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe [5199360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\PCDRScheduledMaintenance [552]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 03s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (SAVRKBootTasks) . (. - .) - C:\Windows\system32\SAVRKBootTasks.sys (.not file.)
O41 - Driver: (UnHooker) . (. - .) - C:\Windows\System32\DRIVERS\UnHooker.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: A New Beginning version 1.0 - (.Deadalic Entertainment.) [HKLM][64Bits] -- {A7A5B96D-0B42-47E8-8168-9B7C3C459454}_is1
O42 - Logiciel: AutoShut - (...) [HKLM][64Bits] -- AutoShut
O42 - Logiciel: BearPaw 1200CU Plus v1.2 - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{243AA596-2B64-4DBF-B765-374B8328F504}
O42 - Logiciel: BearPaw 1200CU Plus v1.2 - (.Nom de votre société.) [HKLM][64Bits] -- {243AA596-2B64-4DBF-B765-374B8328F504}
O42 - Logiciel: Bluetooth Radar - (.Shai Raiten.) [HKLM][64Bits] -- {0CFC5EE9-1E99-4B01-8B0B-70BB4B502732}
O42 - Logiciel: Briz Video Joiner - (...) [HKLM][64Bits] -- Briz Video Joiner_is1
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {28F68316-B8F1-4E05-BADF-42DBECB40F0E} =>Adware.IMBooster
O42 - Logiciel: Jivaro 1.8 - (.Aquafadas.) [HKLM][64Bits] -- {A30C16BF-E8B5-4DD9-8F9B-FA45237186DF}_is1
O42 - Logiciel: PI Free PC (Désintallation seule) - (...) [HKLM][64Bits] -- PiFreePC
O42 - Logiciel: Pix Resize - (...) [HKLM][64Bits] -- Pix Resize_is1
O42 - Logiciel: Power Video Joiner 5.0 - (.AML SOFT, Inc..) [HKLM][64Bits] -- {9404E8E5-B453-43A7-9A4A-6FFBB07D5CC8}_is1
O42 - Logiciel: Severe Streaming Notifier - (...) [HKLM][64Bits] -- Severe Streaming Notifier
O42 - Logiciel: ToolManager version 1.0 - (.Ventury Media.) [HKLM][64Bits] -- {56F9A55C-060C-484E-A6D2-D192677333E3}_is1
O42 - Logiciel: UltimateDefrag V1 FREE Public Domain Version - (.DiskTrix.) [HKLM][64Bits] -- UltimateDefrag V1 FREE Public Domain Version
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM][64Bits] -- {7D41BC10-F03E-41EB-8E2D-B7006948332F} =>Adware.SocialSkinz
O42 - Logiciel: WinFile.v1.1 - (.brydon.net.) [HKLM][64Bits] -- {4C821167-6475-443F-BC4F-18C5CC572DC9}
~ Logic: 67 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\#title]
[HKCU\Software\31056InstEnd]
[HKCU\Software\Diamond Ridge]
[HKCU\Software\MustekSystem]
[HKCU\Software\Mustek]
[HKCU\Software\Thomas Wright Consulting]
[HKCU\Software\X-Wire Technology Inc.]
[HKCU\Software\brydon.net]
[HKLM\Software\SpeedBit]
[HKLM\Software\Wow6432Node\Browsersafeguard] =>PUP.BrowserSafeguard
[HKLM\Software\Wow6432Node\Thomas Wright Consulting]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
~ Key Software: 722 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/01/2014 - 20:05:34 - [] ----D C:\Program Files (x86)\AutoShut
O43 - CFD: 27/11/2010 - 22:58:26 - [] ----D C:\Program Files (x86)\BearPaw 1200CU Plus
O43 - CFD: 22/06/2011 - 01:48:32 - [] ----D C:\Program Files (x86)\BrizVideoJoin
O43 - CFD: 05/03/2012 - 09:06:48 - [] ----D C:\Program Files (x86)\FoxTabVideoConverter
O43 - CFD: 13/01/2012 - 13:26:20 - [] ----D C:\Program Files (x86)\Jivaro
O43 - CFD: 04/05/2012 - 16:26:56 - [] ----D C:\Program Files (x86)\LightningRadar
O43 - CFD: 30/03/2011 - 19:19:57 - [] ----D C:\Program Files (x86)\NT Email Notifier
O43 - CFD: 09/04/2010 - 10:28:26 - [] ----D C:\Program Files (x86)\PixResize
O43 - CFD: 07/05/2010 - 14:57:25 - [] ----D C:\Program Files (x86)\Severe Streaming
O43 - CFD: 06/07/2010 - 17:22:58 - [] ----D C:\Program Files (x86)\Shai Raiten
O43 - CFD: 22/06/2011 - 01:01:58 - [] ----D C:\Program Files (x86)\Thomas Wright Consulting
O43 - CFD: 15/04/2014 - 17:04:56 - [] ----D C:\Program Files (x86)\ToolManager
O43 - CFD: 21/07/2012 - 18:13:51 - [] ----D C:\Program Files (x86)\TorrentSearch
O43 - CFD: 19/08/2012 - 12:00:29 - [] ----D C:\Program Files (x86)\Common Files\SpeedBit
O43 - CFD: 01/03/2014 - 02:44:19 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 20/08/2012 - 23:40:05 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 10/02/2014 - 18:07:35 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 15/08/2009 - 07:59:25 - [] --H-D C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}
O43 - CFD: 13/01/2012 - 13:26:22 - [0] ----D C:\Users\francois\AppData\Roaming\JivaroPref
O43 - CFD: 26/02/2011 - 20:14:03 - [] ----D C:\Users\francois\AppData\Roaming\M05
O43 - CFD: 16/09/2010 - 21:35:13 - [] ----D C:\Users\francois\AppData\Roaming\MSGView
O43 - CFD: 08/12/2013 - 20:49:32 - [] ----D C:\Users\francois\AppData\Roaming\webdirecttv
O43 - CFD: 26/02/2011 - 20:15:08 - [] ----D C:\Users\francois\AppData\Local\M05
O43 - CFD: 10/12/2013 - 18:50:40 - [] ----D C:\Users\francois\AppData\Local\webdirecttv
O43 - CFD: 20/10/2011 - 12:37:16 - [] ----D C:\Users\francois\AppData\Local\{FEB3A1E5-5C56-461A-A854-888B6545CC0E}
O43 - CFD: 25/06/2011 - 20:37:15 - [] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crypter et Protéger les Fichiers 2011
O43 - CFD: 26/11/2011 - 03:55:58 - [] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
O43 - CFD: 01/03/2014 - 02:59:59 - [0] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 403 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5200344FEB0AA691D6EEAB8B3DEB3212] - 01/05/2014 - 19:00:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [84688]
O44 - LFC:[MD5.62803A13AC4F91C8A0CE9EE944C8A22E] - 02/05/2014 - 08:44:05 ---A- . (...) -- C:\rkill.log [361]
O44 - LFC:[MD5.4734A19701AF128DE67089087C114FEC] - 02/05/2014 - 09:31:35 ---A- . (...) -- C:\Ad-Report-SCAN[7].txt [9970]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/04/2014 - 20:21:08 ---A- . (...) -- C:\dfu.log [0]
O44 - LFC:[MD5.3EBB6F936CA7362CC561E05E073030D8] - 28/04/2014 - 18:48:03 ---A- . (...) -- C:\sc-cleaner.txt [1814]
~ Files: 11 Legitimates Filtered in 00mn 01s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Switch Off [Key] . (...) -- C:\Program Files (x86)\Switch Off\swoff.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WinPatrol [Key] . (...) -- C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (.not file.)
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/04/2011 - 16:28:55 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
O58 - SDL:08/12/2009 - 09:54:30 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\br_mcu2usb.sys [23552]
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:06/02/2007 - 13:19:32 ---A- . (.Pas de propriétaire - USB Scanner Driver.) -- C:\Windows\System32\Drivers\gt680X.sys [22528]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/04/2011 - 16:28:54 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
O58 - SDL:07/10/2009 - 01:45:50 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30232]
O58 - SDL:11/11/2010 - 20:12:02 ---A- . (.Pas de propriétaire - 1.00.) -- C:\Windows\System32\Drivers\ntiopnp.sys [19544]
O58 - SDL:13/10/2009 - 15:22:40 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [13416]
O58 - SDL:03/11/2005 - 15:40:56 ---A- . (.Protection Technology - StarForce Protection VFS Driver.) -- C:\Windows\System32\Drivers\sfvfs02.sys [89600]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:11/01/2012 - 19:53:04 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:21/02/2010 - 17:51:36 ---A- . (.Pas de propriétaire - DisplayLink TB Filter.) -- C:\Windows\System32\Drivers\WSR_TBF.sys [51712]
O58 - SDL:10/05/2010 - 11:03:46 ---A- . (.Pas de propriétaire - WSR_USF.) -- C:\Windows\System32\Drivers\WSR_USF.sys [48640]
O58 - SDL:10/01/2012 - 14:16:40 ---A- . (...) -- C:\Windows\SysWOW64\drivers\cpuidlep.sys [4484]
O58 - SDL:20/01/2010 - 18:39:18 ---A- . (...) -- C:\Windows\SysWOW64\drivers\UnHooker.sys [25400]
~ Drivers: 91 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/01/2012 - C:\Windows\System32\DRIVERS\stflt.sys (sp_rsdrv2) .(.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) - LEGACY_SP_RSDRV2
~ Legacy: 92 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [francois - 1bmpug6l.default] user_pref("extensions.crossrider.bic", "145bcc166995956b260d37eee17fcb2f"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {73ccfd25-abe2-4bdf-ac5d-28a470a4d234} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://www.orange.fril
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {A5811EAF-6180-472B-80B3-BBEA4BE7B258} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {AC9AD0F8-5B31-4CBE-BE00-9E7A0DCD66D6} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][24/11/2013] (...) -- C:\Users\francois\AppData\Roaming\SetValue.bat [35]
[MD5.C9422D430F19B0DDAF1433F383A33164] [SPRF][24/12/2009] (...) -- C:\Users\francois\AppData\Roaming\wklnhst.dat [140]
[MD5.D6A5DF83938AD59E78F03CF2C0C69A7D] [SPRF][14/12/2012] (...) -- C:\Users\francois\Desktop\C-MD5.exe [30592]
[MD5.8CCFCCAFFC3262EC8091F49648CAC283] [SPRF][14/06/2011] (.ALLPlayer - www.OpenSubtitles.org.) -- C:\Users\francois\Desktop\OpenSubtitlesPlayer.exe [20251821]
[MD5.69984B053A3C546AB634635A4877C009] [SPRF][13/11/2008] (.mustek - Setup Launcher.) -- C:\Users\francois\Desktop\PackardBellDiamond1200PlusScanner.exe [76132699]
[MD5.7196AC3610A8940FBB9B5229A0AD3B9D] [SPRF][21/10/2012] (...) -- C:\Users\francois\Desktop\Paint.NET.3.5.10.Install.exe [810648]
[MD5.C7D040F4C3C0214B460AABDE52BE9189] [SPRF][22/05/2012] (...) -- C:\Users\francois\Desktop\rkill.exe [1012656]
[MD5.D64AE7D819823F261ACAD8AD9A95180C] [SPRF][10/12/2012] (...)
-- C:\Users\francois\Desktop\RogueKiller.exe [756224] [MD5.FDBE6123BB5B243D2B4647A5D0D14E10] [SPRF][16/03/2010] (...) -- C:\Users\francois\Desktop\TeamViewer_Setup.exe [2729912] [MD5.3B8DF5EC974CA8B09CC4FE47916C0EDD] [SPRF][19/07/2011] (.Pas de propriétaire - Self-extracting installation program..) -- C:\Users\francois\Desktop\UltimateDefragFREEPublicDomainEditionSetup.exe [2277376] [MD5.39A81D679519419C0E8E42ED705A54F8] [SPRF][13/05/2012] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\francois\Desktop\uTorrent.exe [880496] =>P2P.BitTorrent [MD5.47C30BC6C5161307EA9B8B12BA8B5AF9] [SPRF][22/05/2012] (.Atribune.org - VundoFix.exe.) -- C:\Users\francois\Desktop\VundoFix.exe [119808] ~ Files: 16 Legitimates Filtered in 00mn 02s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{0270DA9A-40FF-4592-BD72-D027D772F8B3}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{A4667A5B-130A-4C34-AF6B-C1177833E3C4}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 2 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "61386F821F8B50E4ABFD24BDCE4BF0E0" . (.Iminent.) -- C:\Windows\Installer\{28F68316-B8F1-4E05-BADF-42DBECB40F0E}\imbooster.ico =>Adware.IMBooster ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\258d3666.msi [343040] =>PUP.Babylon [MD5.22C9E7805145D0A0C4C62DDB591D2DAE] [WIS][27/06/2012] (.Babylon Ltd - BabylonObjectInstaller.) 
-- C:\Windows\Installer\89613d1.msi [353280] =>PUP.Babylon ~ WIS: 2 Legitimates Filtered in 00mn 03s ---\\ Recherche de clés de registre Tracing (O100)
~ BTK: 636 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 30/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 16/04/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 16/04/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 03/03/2014 285795 | (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe SS - | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\PROGRAM FILES\COMMON FILES\LOGISHRD\BLUETOOTH\LBTSERV.exe SS - | Demand 16/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.141\MCCHSVC.exe SS - | Demand 26/05/2010 6144 | (MEMSWEEP2) .
(.Sophos Plc.) - C:\Windows\system32\212F.tmp SS - | Demand 29/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 21/01/2014 699912 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SS - | Auto 10/07/1658 0 | (Switch Off) . (...) - C:\Program Files (x86)\Switch Off\swoff.exe SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 08/02/2011 956192 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe SR - | Auto 23/09/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe SR - | Auto 24/03/2010 151144 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 10/01/2012 1148632 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe SR - | Auto 11/02/2010 172328 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe SR - | Auto 03/12/2013 43024 | (ToolManagerService) . (...) - C:\Program Files (x86)\ToolManager\ToolManager.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 26/06/2008 167936 | (WlanWpsSvc) . (...) - C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 07s ---\\ Scan Additionnel (O88) Database Version : 13045 - (01/05/2014) Clés trouvées (Keys found) : 10 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 4 [HKLM\Software\Google\Chrome\Extensions\cmgefjleafcfcabcmkommgcmkbcojbik] =>Adware.SearchYa^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28F68316-B8F1-4E05-BADF-42DBECB40F0E}] =>Adware.IMBooster^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D41BC10-F03E-41EB-8E2D-B7006948332F}] =>Adware.SocialSkinz^ [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>PUP.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgefjleafcfcabcmkommgcmkbcojbik =>Adware.SearchYa^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^ C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader =>PUP.Dealio [HKLM\Software\Wow6432Node\Browsersafeguard] =>PUP.BrowserSafeguard^ C:\Users\francois\Desktop\uTorrent.exe =>P2P.BitTorrent^ C:\Windows\Installer\258d3666.msi =>PUP.Babylon^ C:\Windows\Installer\89613d1.msi =>PUP.Babylon^ ~ Additionnel Scan: 483142 Items scanned in 01mn 39s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.webs.com/apps/blog/show/27529784-adware-searchya =>Adware.SearchYa http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider 
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer http://nicolascoolman.webs.com/apps/blog/show/26834113-adware-hotbar =>Adware.HotBar http://nicolascoolman.webs.com/apps/blog/show/27450485-adware-questscan =>Adware.QuestScan http://nicolascoolman.webs.com/apps/blog/show/30990124-adware-scanquery =>Adware.ScanQuery http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio ~ MSI: 19 link(s) detected in 00mn 00s ~ 1314 Legitimates filtered by white list End of the scan (649 lines in 02mn 48s)(0)