Document format: text/plain

Rapport de ZHPDiag v2013.8.8.13 par Nicolas Coolman, Update du 08/08/2013
Run by TAYEB at 26/03/2018 12:03:16
WebSite: http://nicolascoolman.webs.com
State : Problème connexion internet
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v65.0.3325.162 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Windows Defender W7

---\\ System Optimizer
CCleaner v5.36 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 29 NPAPI

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 54 GB (70%) free of 76 GB

---\\ Logged in mode
~ Computer Name: TAYEB-PC
~ User Name: TAYEB
~ All Users Names: TAYEB, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\TAYEB\AppData\Roaming\
~ %Desktop% : C:\Users\TAYEB\Desktop\
~ %Favorites% : C:\Users\TAYEB\Favorites\
~ %LocalAppData% : C:\Users\TAYEB\AppData\Local\
~ %StartMenu% : C:\Users\TAYEB\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 54 Go of 76 Go)
D:\ CD-ROM drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 31 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.78B9ADA2BC8946AF7B17678E0D07A773] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/12/2010 - 06:38:22.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/159
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/78
~ Mes Documents (My Documents) : 1/291
~ Mon Bureau (My Desktop) : 1/130
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.8854C4474E4E31FCA0C18BB9BD3A9D47] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1844]
[MD5.CE7544B51C3A15D87A78C33FDDA9EC54] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1916]
[MD5.F94ECE63A66C0F7B9E67582377E3739D] - (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe [174080] [PID.2044]
[MD5.CB3411405F244FE0FC5AF89A0EE53B0F] - (.IObit - Advanced SystemCare Tray.) -- C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3597600] [PID.248]
[MD5.B21AD537583F720488F43BAFD7CE59ED] - (.AVAST Software - Avast Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [11633592] [PID.1104]
[MD5.9673485626808B1BB6B30D7F388A93FC] - (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe [402263] [PID.1192]
[MD5.FC7073C0A792093922ACA5E2B2EB0263] - (.IObit - Performance Monitor.) -- C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [3024672] [PID.1044]
[MD5.CBD14BF37E70ADAB51DE8EBE17CEDDE6] - (.Pas de propriétaire - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe [620872] [PID.2484]
[MD5.B3F83CFE7CEFD7F918F9F0C437B2B395] - (.IObit - Driver Booster Scheduler.) -- C:\Program Files\IObit\Driver Booster\5.0.3\Scheduler.exe [147232] [PID.3176]
[MD5.514EEE3BD0E4DF982E0B237AEDF6540F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1456984] [PID.2196]
[MD5.DA647DCABE7FF82C87C9B3C3BCA8393A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7685120] [PID.5772]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\RunDll32.exe [0] [PID.4852]
[MD5.24CB1F7F39B8E4BBB24B70C9659C8F4A] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [1053984] [PID.760]
[MD5.F50343C48BF48271171C9EFAD28B5A56] - (.AVAST Software - Avast Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728] [PID.1448]
[MD5.44B8BAC0D455274681BCD1EE60D9E0AE] - (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFenceService.exe [156640] [PID.2024]
[MD5.35E881651915E2470485C0B349234FF8] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) -- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [5257904] [PID.2152]
[MD5.A1116A5E5171A4206304A879D93D8085] - (.Pas de propriétaire - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920] [PID.2456]
[MD5.EC8F3F5A7478B524F7A9AE5075C1EDB6] - (.AVAST Software - Avast Behavior Shield.) -- C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888] [PID.3848]
[MD5.1F3061225576B2B2BA82BD19BF812BD2] - (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFence.exe [3686368] [PID.1960]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.6096]
[MD5.0545A3EB959CFA4790D267BFB8C1ACA4] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [153168] [PID.2372]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com =>Adware.OpenCandy
O1 - Hosts: 0.0.0.0 media.opencandy.com =>Adware.OpenCandy
O1 - Hosts: 0.0.0.0 cdn.opencandy.com =>Adware.OpenCandy
O1 - Hosts: 0.0.0.0 tracking.opencandy.com =>Adware.OpenCandy
O1 - Hosts: 0.0.0.0 api.opencandy.com =>Adware.OpenCandy
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 rp.yefeneri2.com
O1 - Hosts: 0.0.0.0 os.yefeneri2.com
O1 - Hosts: 0.0.0.0 os2.yefeneri2.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com =>PUP.Eorezo
O1 - Hosts: 0.0.0.0 cdn.appround.biz
O1 - Hosts: 0.0.0.0 cdn.bigspeedpro.com
O1 - Hosts: 0.0.0.0 cdn.bispd.com
O1 - Hosts: 0.0.0.0 cdn.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.cdndp.com
O1 - Hosts: 0.0.0.0 cdn.download.sweetpacks.com =>PUP.SweetIM
O1 - Hosts: 0.0.0.0 cdn.dpdownload.com
O1 - Hosts: 0.0.0.0 cdn.visualbee.net
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 70



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) -- C:\Program Files\AVAST Software\Avast\AvLaunch.exe
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 11] . (.IObit - Advanced SystemCare Tray.) -- C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.exe
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] . (.Microsoft Corporation - Mise en route.) -- C:\Windows\system32\OobeFldr.dll
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3768728601-4152518914-57113486-1000\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKUS\S-1-5-21-3768728601-4152518914-57113486-1000\..\Run: [Advanced SystemCare 11] . (.IObit - Advanced SystemCare Tray.) -- C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
O4 - HKUS\S-1-5-21-3768728601-4152518914-57113486-1000\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\TaskBar: Word 2016.lnk . (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\root\Office16\WINWORD.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: WinSCP (pour envoi).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP, WebDAV and SCP client.) -- C:\Program Files\WinSCP\WinSCP.exe
O4 - GS\Desktop: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\TAYEB\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop: ByteFence Anti-Malware.lnk . (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFence.exe
O4 - GS\Desktop: Cheat Engine.lnk . (...) -- C:\Program Files\Cheat Engine 6.5\Cheat Engine.exe
O4 - GS\Desktop: Connexion réseau sans fil.lnk - Clé orpheline
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Youtube Downloader HD.lnk . (...) -- C:\Program Files\Youtube Downloader HD\YouTubeDownloaderHD.exe =>PUP.Dealio
~ Global Startup: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C69FF6A-2F6A-40AD-A21D-67D6BDE03722}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C69FF6A-2F6A-40AD-A21D-67D6BDE03722}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C69FF6A-2F6A-40AD-A21D-67D6BDE03722}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ByteFence Anti-Malware Service (ByteFenceService) . (.Byte Technologies LLC - ByteFence Anti-Malware.) - C:\Program Files\ByteFence\ByteFenceService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) . (.IObit - Uninstall Programs.) - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
O23 - Service: rtop (rtop) . (.Pas de propriétaire - ByteFence Real-time Protection.) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
~ Services: 6 Legitimates Filtered in 00mn 11s



---\\ Tâches planifiées en automatique (O39)
[MD5.1F3061225576B2B2BA82BD19BF812BD2] [APT] [ByteFence] (.Byte Technologies LLC.) -- C:\Program Files\ByteFence\ByteFence.exe [3686368]
[MD5.00000000000000000000000000000000] [APT] [{E76DE8C0-CB26-4144-BB05-1FB342C444D4}] (...) -- C:\Users\TAYEB\Desktop\Install Lightroom 2.6.exe (.not file.) [0]
~ Scheduled Task: 60 Legitimates Filtered in 00mn 03s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\65.0.3325.162\Installer\chrmstp.exe
~ Active Setup: 13 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (aswArPot) . (.AVAST Software - Avast anti rootkit.) - C:\Windows\System32\drivers\aswArPot.sys
O41 - Driver: (aswbidsdriver) . (.AVAST Software - IDS Application Activity Monitor Driver..) - C:\Windows\System32\drivers\aswbidsdriverx.sys
O41 - Driver: (aswHdsKe) . (.AVAST Software - Home Network Security.) - C:\Windows\System32\drivers\aswHdsKe.sys
O41 - Driver: (aswRdr) . (.AVAST Software - Avast WFP Redirect Driver.) - C:\Windows\System32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - Avast Virtualization Driver.) - C:\Windows\System32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - Avast self protection module.) - C:\Windows\System32\drivers\aswSP.sys
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO x86 Kernel Driver.) - C:\Windows\system32\drivers\HWiNFO32.sys
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: ByteFence Anti-Malware - (.Byte Technologies LLC.) [HKLM] -- ByteFence
O42 - Logiciel: KMSpico v9.3 - (...) [HKLM] -- KMSpico_is1 =>PUP.KMSpico
O42 - Logiciel: TV 3L PC version 2.1.6.0 - (.Smart PC Soft, LTD..) [HKLM] -- {D8CE29B4-FEA1-46F1-B773-1B5FE502C740}_is1
~ Logic: 48 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Browser Cleanup]
[HKCU\Software\ByteFence]
[HKCU\Software\CoinisRevShare] =>PUP.VShareRedir
[HKCU\Software\Dalton]
[HKCU\Software\ProductSetup]
[HKCU\Software\csastats]
[HKLM\Software\Fortemedia]
[HKLM\Software\Nahimic]
[HKLM\Software\SyncIntegrationClients]
~ Key Software: 120 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/03/2018 - 11:57:15 - [45,833] ----D C:\Program Files\ByteFence
O43 - CFD: 19/01/2018 - 20:44:55 - [15,893] ----D C:\Program Files\KMSpico =>PUP.KMSpico
O43 - CFD: 26/10/2017 - 22:53:28 - [0,002] ----D C:\ProgramData\ByteFence
O43 - CFD: 06/11/2017 - 21:56:48 - [8,943] ----D C:\ProgramData\KMSAuto
O43 - CFD: 26/03/2018 - 11:49:45 - [0,001] ----D C:\ProgramData\ProductData
O43 - CFD: 18/03/2018 - 12:27:02 - [0] ----D C:\ProgramData\SWCUTemp
O43 - CFD: 28/10/2017 - 12:18:08 - [0] ----D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
O43 - CFD: 28/10/2017 - 12:25:34 - [0] ----D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
O43 - CFD: 25/10/2017 - 21:11:12 - [0] ----D C:\Users\TAYEB\AppData\Local\CEF
O43 - CFD: 19/01/2018 - 20:44:11 - [0,005] ----D C:\Users\TAYEB\AppData\Local\risarisat
O43 - CFD: 19/01/2018 - 20:44:11 - [4,326] ----D C:\Users\TAYEB\AppData\Local\{09323F6E-2D9A-53D6-4002-763E646A8AA6}
~ Program Folder: 129 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C172DA008543DE152050C179F1857434] - 25/03/2018 - 20:07:09 ---A- . (...) -- C:\Windows\System32\rtl120.bpl [11776]
~ Files: 28 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.97AE23528C46104854461D2477E48D0E] - 14/03/2018 - 20:21:19 ---A- - C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-4A89FB38.pf
O45 - LFCP:[MD5.9E9AA4EC466377C5E97C3445BFBC7194] - 18/03/2018 - 13:14:37 ---A- - C:\Windows\Prefetch\SETUPINF.EXE-F59072F8.pf
O45 - LFCP:[MD5.A0A843A37028FFB54C07123DCACDE9B7] - 18/03/2018 - 13:14:56 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER32.EXE-F211C07F.pf
O45 - LFCP:[MD5.8D305B7B5E8199C0C67A1F09E0B2C7F0] - 18/03/2018 - 13:14:56 ---A- - C:\Windows\Prefetch\REGSVR.EXE-09AA6ECF.pf
O45 - LFCP:[MD5.A85D2ACE91FA4651A5CCA16CBB1C7E5A] - 22/03/2018 - 13:31:12 ---A- - C:\Windows\Prefetch\FAULTFIXES.EXE-F75011E9.pf
O45 - LFCP:[MD5.CDE6470F11251CC8F0F078BA379AF4C3] - 23/03/2018 - 12:40:10 ---A- - C:\Windows\Prefetch\INSTUP.EXE-20062FAA.pf
O45 - LFCP:[MD5.789151293D19750FDE28407C67E15B76] - 25/03/2018 - 19:46:13 ---A- - C:\Windows\Prefetch\ASCDOWNLOAD.EXE-212DF261.pf
O45 - LFCP:[MD5.EFF532B8011572FAC6C5E641C92152A2] - 25/03/2018 - 19:54:52 ---A- - C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-419EFF7E.pf
O45 - LFCP:[MD5.17E2576D9BD7E3603900098780A11A6B] - 25/03/2018 - 20:08:11 ---A- - C:\Windows\Prefetch\RSLGGR.EXE-B95C1A57.pf
O45 - LFCP:[MD5.5306EB0EDBE917155CA871186F3C1E3C] - 25/03/2018 - 20:12:36 ---A- - C:\Windows\Prefetch\MSOIA.EXE-E58F4CEB.pf
O45 - LFCP:[MD5.3DD2EF91DAC014445FA0E313428DE78D] - 25/03/2018 - 20:20:32 ---A- - C:\Windows\Prefetch\BROWSERCLEANER.EXE-92C2F064.pf
O45 - LFCP:[MD5.B925D851766D0777D653E16BC0C824C1] - 26/03/2018 - 11:55:14 ---A- - C:\Windows\Prefetch\SCANDISP.EXE-7B7AC30B.pf
O45 - LFCP:[MD5.24591506921CDC60AD5B8C409809B9CC] - 26/03/2018 - 11:55:27 ---A- - C:\Windows\Prefetch\DRIVERBOOSTER.EXE-2E06A3E4.pf
O45 - LFCP:[MD5.D288AD7272A6A10D4A431609A7DDAA14] - 26/03/2018 - 11:55:50 ---A- - C:\Windows\Prefetch\SMBOOTTIME.EXE-519786F5.pf
O45 - LFCP:[MD5.AF39623EAEB3230157DFEB9CB8D5880F] - 26/03/2018 - 11:55:56 ---A- - C:\Windows\Prefetch\HWINFO.EXE-A5DCC67C.pf
O45 - LFCP:[MD5.597891042C54C67B4400DE218EC1B3F5] - 26/03/2018 - 11:55:56 ---A- - C:\Windows\Prefetch\SETUPHLP.EXE-AB59A15B.pf
O45 - LFCP:[MD5.6AD7BCF0D0ADA6954A6640B1EC280359] - 26/03/2018 - 11:58:24 ---A- - C:\Windows\Prefetch\AUTONTS.EXE-ED65A320.pf
O45 - LFCP:[MD5.4A6E0EF27090AF4530857439D5AB052F] - 26/03/2018 - 11:59:16 ---A- - C:\Windows\Prefetch\WSC_PROXY.EXE-0274D6D0.pf
~ Prefetcher: 68 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{2512d765-b8fb-11e7-8b7f-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
O51 - MPSK:{e09b0390-f24f-11e7-bcd0-d5a34546bbc2}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
O51 - MPSK:{e09b0392-f24f-11e7-bcd0-d5a34546bbc2}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSimpleNetIDList"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NolowDiskSpaceChecks"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 25/03/2018 - 19:45:49 ---A- C:\Users\TAYEB\AppData\Roaming\AVAST Software\Avast\uicred1.dat [1030]
O61 - LFC: 25/03/2018 - 19:53:26 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\edls_32.dll [370104]
O61 - LFC: 25/03/2018 - 19:53:26 ---A- C:\Users\TAYEB\AppData\Local\Google\Software Reporter Tool\settings.dat [40]
O61 - LFC: 25/03/2018 - 19:53:28 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em000_32.dll [32192]
O61 - LFC: 25/03/2018 - 19:53:31 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em001_32.dll [103864]
O61 - LFC: 25/03/2018 - 19:53:35 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em002_32.dll [1866168]
O61 - LFC: 25/03/2018 - 19:53:35 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em003_32.dll [937912]
O61 - LFC: 25/03/2018 - 19:53:35 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em004_32.dll [5199288]
O61 - LFC: 25/03/2018 - 19:53:35 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\SwReporter\27.146.200\em005_32.dll [401336]
O61 - LFC: 25/03/2018 - 19:53:48 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5AB8D1A1-894.pma [8388608]
O61 - LFC: 25/03/2018 - 19:57:18 ---A- C:\Users\TAYEB\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt [135]
O61 - LFC: 26/03/2018 - 11:53:09 ---A- C:\Users\TAYEB\AppData\Roaming\AVAST Software\Avast\uicred2.dat [1686]
O61 - LFC: 26/03/2018 - 11:55:24 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma [1048576]
O61 - LFC: 26/03/2018 - 11:55:34 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat [40]
O61 - LFC: 26/03/2018 - 11:56:59 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma [8388608]
O61 - LFC: 26/03/2018 - 12:01:44 ---A- C:\Users\TAYEB\AppData\Local\Google\Chrome\User Data\Local State [65044]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 169 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 26/03/2018 - C:\Windows\temp\cpuz143\cpuz143_x32.sys (cpuz143) .(.CPUID - CPUID Driver.) - LEGACY_CPUZ143
O64 - Services: CurCS - 23/11/2016 - C:\Program Files\IObit\Advanced systemCare\drivers\Monitor_x86.sys (iobit_monitor_server) .(.IObit - Pas de description.) - LEGACY_IOBIT_MONITOR_SERVER
O64 - Services: CurCS - 06/06/2017 - C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys (IUFileFilter) .(.IObit.com - IUFileFilter.) - LEGACY_IUFILEFILTER
O64 - Services: CurCS - 13/06/2017 - C:\Program Files\IObit\IObit Uninstaller\drivers\win7_x86\IURegProcessFilter.sys (IURegProcessFilter) .(.IObit.com - IURegProcessFilter.) - LEGACY_IUREGPROCESSFILTER
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 126 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][18/03/2018] (...) -- C:\Users\TAYEB\AppData\Local\Temp\{0A711873-63B1-4596-9C47-F1A7F9784AA4} - OProcSessId.dat [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][18/03/2018] (...) -- C:\Users\TAYEB\AppData\Local\Temp\{3D884E6F-5E5E-4D26-BE3E-1B492630C430} - OProcSessId.dat [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][18/03/2018] (...) -- C:\Users\TAYEB\AppData\Local\Temp\{44EEFB98-04D6-40EB-B3D7-83E635C7F748} - OProcSessId.dat [0]
[MD5.9A8D0A7B67031765B158FB60063534CA] [SPRF][07/12/2017] (...) -- C:\Users\TAYEB\Desktop\8471DFB_Geant_GN-CX88HD-Plus_V151_28-09-2018.bin [79817450]
[MD5.E2E8E969A91B7585680B8943ACC7A423] [SPRF][17/12/2017] (...) -- C:\Users\TAYEB\Desktop\gx6605S_cool_geant_GN-RS8-MiniHD-Plus_V2.24_20122017.bin [3277056]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{8A0A4ABB-5401-49DF-A2B0-8F2DFAE20D4B}" | In - None - P17 - TRUE | .(.IObit - Advanced SystemCare 10.) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
O87 - FAEL: "{6D1EBF52-F7D8-4310-ACCF-DC195473A2A9}" | Out - None - P17 - TRUE | .(.IObit - Advanced SystemCare 10.) -- C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
O87 - FAEL: "{6B91CEEA-79E8-4DCB-BA9C-BC706344672C}" | In - None - P17 - TRUE | .(.IObit - Driver Booster.) -- C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
O87 - FAEL: "{19D1EB41-8467-4A67-980F-43DAB29EA373}" | Out - None - P17 - TRUE | .(.IObit - Driver Booster.) -- C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
O87 - FAEL: "{833A7FEF-B9BB-43C2-894B-FD1B1389E9F6}" | In - None - P17 - TRUE | .(.IObit - Driver Booster Downloader.) -- C:\Program Files\IObit\Driver Booster\5.0.3\DBDownloader.exe
O87 - FAEL: "{5FE8E8CE-A8B7-4BD8-B2DD-3BA4D1142131}" | Out - None - P17 - TRUE | .(.IObit - Driver Booster Downloader.) -- C:\Program Files\IObit\Driver Booster\5.0.3\DBDownloader.exe
O87 - FAEL: "{63926BB3-B65D-4686-8BEB-B8B73EE76863}" | In - None - P17 - TRUE | .(.IObit - Driver Booster Updater.) -- C:\Program Files\IObit\Driver Booster\5.0.3\AutoUpdate.exe
O87 - FAEL: "{293B2008-CC73-4F23-A081-DC12DD380980}" | Out - None - P17 - TRUE | .(.IObit - Driver Booster Updater.) -- C:\Program Files\IObit\Driver Booster\5.0.3\AutoUpdate.exe
~ Firewall: 181 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/03/2018 272384 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 01/11/2017 1053984 | (AdvancedSystemCareService11) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
SR - | Demand 18/03/2018 5909888 | (aswbIDSAgent) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
SR - | Auto 18/03/2018 303728 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/10/2017 156640 | (ByteFenceService) . (.Byte Technologies LLC.) - C:\Program Files\ByteFence\ByteFenceService.exe
SR - | Auto 26/10/2017 153168 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/10/2017 153168 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 14/06/2017 206112 | (IObitUnSvr) . (.IObit.) - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
SS - | Demand 24/07/2015 301056 | (KMSEmulator) . (.MDL Forum, mod by Ratiborus.) - C:\ProgramData\KMSAuto\bin\KMSSS.exe
SR - | Auto 302920 | (rtop) . (...) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by TAYEB at 26/03/2018 12:06:47

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.12846 - (08/08/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
C:\Program Files\KMSpico =>PUP.KMSpico^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
C:\Program Files\Youtube Downloader HD\YouTubeDownloaderHD.exe =>PUP.Dealio^
[HKCU\Software\CoinisRevShare] =>PUP.VShareRedir^
~ Additionnel Scan: 184376 Items scanned in 00mn 24s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/29633319-pup-kmspico =>PUP.KMSpico
~ http://nicolascoolman.webs.com/apps/blog/show/29432250-pup-vshareredir =>PUP.VShareRedir
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ MSI: 7 link(s) detected in 00mn 24s



~ 1219 Legitimates filtered by white list
End of the scan (552 lines in 03mn 55s)(0)
