~ Rapport de ZHPDiag v2015.6.4.54 - Nicolas Coolman (31-05-15)
~ Lancé par AnTo1o (05-06-15 04:23:23)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17801
MFIE: Mozilla Firefox 38.0.1 (Defaut)
GCIE: Google Chrome v43.0.2357.81

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : VCC43
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Avira Antivirus v15.0.10.434
avast! SecureLine v1.0.139.2
avast! SecureLine v1.0.139.2
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v5.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 61 Stepping 4, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12210 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 613 GB (91%) free of 673 GB

---\\ Mode de connexion au système
~ Computer Name: ANTO1O
~ User Name: AnTo1o
~ All Users Names: HomeGroupUser$, AnTo1o, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\AnTo1o\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\AnTo1o\AppData\Roaming\
~ %Desktop% : C:\Users\AnTo1o\Desktop\
~ %Favorites% : C:\Users\AnTo1o\Favorites\
~ %LocalAppData% : C:\Users\AnTo1o\AppData\Local\
~ %StartMenu% : C:\Users\AnTo1o\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 613 Go of 673 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 25 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28-01-15 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22-08-13 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21-04-15 - 16:27:25.)
-- C:\Windows\System32\wininet.dll [2352128] [MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.18-03-14 - 10:54:52.) -- C:\Windows\System32\Winlogon.exe [562176] [MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18-03-14 - 10:54:52.) -- C:\Windows\System32\sppcomapi.dll [447488] [MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04-11-14 - 13:42:10.) -- C:\Windows\system32\Drivers\AFD.sys [563200] [MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-13 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464] [MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-13 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576] [MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-13 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352] [MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.04-11-14 - 13:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [134144] [MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.04-11-14 - 13:59:45.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800] [MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22-08-13 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520] [MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18-03-14 - 10:54:55.) -- C:\Windows\system32\Drivers\IpNat.sys [142848] [MD5.7A1A3F213CDB3363D179D5014272025D] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.04-11-14 - 13:43:42.) 
-- C:\Windows\system32\Drivers\MRxSmb.sys [402432] [MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-13 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624] [MD5.038C77D577900EE39410662478BB0D50] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.04-11-14 - 13:59:45.) -- C:\Windows\system32\Drivers\ntfs.sys [2009920] [MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22-08-13 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208] [MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-13 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832] [MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18-03-14 - 10:37:57.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584] [MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-13 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520] [MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04-11-14 - 13:59:45.) -- C:\Windows\system32\Drivers\volsnap.sys [310080] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 1/7 ~ Mes Favoris (My Favorites) : 1/15 ~ Mes Documents (My Documents) : 1/4 ~ Mon Bureau (My Desktop) : 0/6 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.A416FBE18A8FF5C942B5E4A65A66EAE0] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704] [PID.6844] [MD5.444FEE93C045940CDA53BA0C20B2A69A] - (.CyberLink Corp. - CyberLink YouCam Service.) 
-- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.1400] [MD5.86FAB02AFB6A800D047EB55597808D28] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552] [PID.3552] [MD5.73FCAA8154F8FD71E71E7DC52A1BAF2A] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192] [PID.5932] [MD5.66177D4C99FD8B578C7C56DE445E4D5D] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312] [PID.5372] [MD5.43B5696A844FB705D1E9595E8C3351B6] - (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864] [PID.3020] [MD5.C4EF32C1C0473392EF4204890AF8E457] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.1408] [MD5.12E2FC1F74265881402DE856D01EFFFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8214016] [PID.5448] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\AnTo1o\AppData\Local\Google\Chrome\User Data\Default\Preferences ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 11 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\AnTo1o\AppData\Roaming\Mozilla\Firefox\Profiles\6e0k8l2o.default\prefs.js C:\Users\AnTo1o\AppData\Roaming\Mozilla\Firefox\Profiles\6e0k8l2o.default\user.js M3 - MFPP: Plugins - [AnTo1o] -- C:\Users\AnTo1o\AppData\Roaming\Mozilla\Firefox\Profiles\6e0k8l2o.default\searchplugins\WebSearch.xml M2 - MFEP: prefs.js [AnTo1o - 6e0k8l2o.default\abs@avira.com] [] Segurança do navegador Avira v1.4.9 (..) M2 - MFEP: prefs.js [AnTo1o - 6e0k8l2o.default\DUOz@BG.org] [] PriceoMinus v2.0 (..) 
=>PriceMinus M2 - MFEP: prefs.js [AnTo1o - 6e0k8l2o.default\tk@SgKYI.com] [] PericELeuss v5.2 (..) =>PUP.PriceLess M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] abs@avira.com M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] DUOz@BG.org M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] jid1-FB1bBgFMk5H6Wg@jetpack.xpi M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] L4@eqF7W.org M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] tk@SgKYI.com M2 - MFEP: Extension [AnTo1o - 6e0k8l2o.default] {588b71a1-b0bc-422a-9c3a-658c73ef0290}.xpi P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\generic_search.xml ~ Firefox Browser: 36 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.Istart R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart ~ IE Browser: 14 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe, F2 - REG:system.ini: 
Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hôte est sain (The hosts file is clean) (21) ~ Hosts File: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.Istart O4 - GS\QuickLaunch [AnTo1o]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart O4 - GS\TaskBar [AnTo1o]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\AnTo1o\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [AnTo1o]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart ~ Global Startup: 4 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll O4 - HKLM\..\Run: [SimplePass] . (.Hewlett-Packard - HP SimplePass Application.) -- C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe O4 - HKLM\..\Run: [OPBHOBroker] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe O4 - HKLM\..\Run: [OPBHOBrokerDesktop] . (.Hewlett-Packard - HP SimplePass BHO Broker.) 
-- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\AnTo1o\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F9D622B1055019D889338F395A5C9BA9] . (.The Chromium Authors - Chromium.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\chrome.exe O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.) -- C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\Antivirus\avgnt.exe O4 - HKUS\S-1-5-21-3557285559-2046751746-954871750-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\AnTo1o\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-3557285559-2046751746-954871750-1001\..\Run: [Skype] . 
(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A. O4 - HKUS\S-1-5-21-3557285559-2046751746-954871750-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd O4 - HKUS\S-1-5-21-3557285559-2046751746-954871750-1001\..\Run: [GoogleChromeAutoLaunch_F9D622B1055019D889338F395A5C9BA9] . (.The Chromium Authors - Chromium.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\chrome.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 [64Bits] - {A95fe080-8f5d-11d2-a20b-00aa003c157a} . 
(.Evernote Corp., 305 Walnut Street, Redwood - Evernote Clipper for Microsoft Internet Explorer.) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteIEx64.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{02C94EB6-3840-4CA1-9733-C37CA046A7A3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{ECCD068A-FD1F-449E-857F-810EC3C1BDB9}: DhcpNameServer = 40.23.1.201 40.23.1.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{ECCD068A-FD1F-449E-857F-810EC3C1BDB9}: DhcpDomain = D1-Line.COM O17 - HKLM\System\CS1\Services\Tcpip\..\{02C94EB6-3840-4CA1-9733-C37CA046A7A3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{ECCD068A-FD1F-449E-857F-810EC3C1BDB9}: DhcpNameServer = 40.23.1.201 40.23.1.202 O17 - HKLM\System\CS1\Services\Tcpip\..\{ECCD068A-FD1F-449E-857F-810EC3C1BDB9}: DhcpDomain = D1-Line.COM O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage® - Reimage Real Time Protection.) 
- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair O23 - Service: SC 1.10.0.16 Client Service (scsvc_1.10.0.16) . (.SuperClick - SC Client Service.) - C:\Program Files (x86)\SuperClick_1.10.0.16\Service\scsvc.exe =>PUP.SuperClick O23 - Service: avast! SecureLine (SecureLine) . (...) - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe O23 - Service: Service KMSELDI (Service KMSELDI) . (.@ByELDI - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico ~ Services: 33 Legitimates Filtered in 00mn 10s ---\\ Tâches planifiées en automatique (O39) [MD5.F1CE8A8107117151704BED2729CC0717] [APT] [AutoPico Daily Restart] (.@ByELDI.) -- C:\Program Files\KMSpico\AutoPico.exe [971968] =>PUA.KMSpico [MD5.D423210C49AAE90BDDD854061DC105C1] [APT] [Chromium] (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.exe [546816] [MD5.0BC300B18B5397DD71194E9D76EAA4D9] [APT] [DropboxOEM] (...) -- C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160] [MD5.00000000000000000000000000000000] [APT] [Easy Driver Pro Schedule] (...) -- C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe (.not file.) [0] =>PUP.ProbitSoftware [MD5.00000000000000000000000000000000] [APT] [gameo_update] (...) -- C:\Users\AnTo1o\AppData\Roaming\Gameo\gameo.exe (.not file.) [0] =>PUP.Gameo [MD5.EC62720A72C1ACD6AB638C0D7D10F431] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368] [MD5.EC62720A72C1ACD6AB638C0D7D10F431] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368] [MD5.00000000000000000000000000000000] [APT] [LaunchPreSignup] (...) -- C:\Program Files (x86)\OLBPre\OLBPre.exe (.not file.) [0] =>PUP.MyPCBackup [MD5.DF05643A7B81B020AC6C93B7410AF514] [APT] [LHTFVNWO1] (.LolliScan.) 
-- C:\ProgramData\LolliScan\LolliScan.exe [812032] =>Adware.Graftor [MD5.39D266BD7B5BA17BD4C1FEA9DDB7D144] [APT] [Reimage Reminder] (.Reimage ltd..) -- C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [4431712] =>Rogue.ReimageRepair [MD5.AEB53D4C5A3E079621BAE45C12C0EDA7] [APT] [ReimageUpdater] (.Reimage®.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024] =>Rogue.ReimageRepair [MD5.9EC357EC1D412F48194DF5FE0C6D13B7] [APT] [SuperClick Auto Updater 1.10.0.16 Core] (.SuperClick.) -- C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe [59480] =>PUP.SuperClick [MD5.9EC357EC1D412F48194DF5FE0C6D13B7] [APT] [SuperClick Auto Updater 1.10.0.16 Pending Update] (.SuperClick.) -- C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe [59480] =>PUP.SuperClick [MD5.00000000000000000000000000000000] [APT] [WTRTDLM] (...) -- C:\ProgramData\c05e7c22ed084afab2b5a0576a51ba06\c05e7c22ed084afab2b5a0576a51ba06.exe (.not file.) [0] O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002] O39 - APT: Chromium - (...) -- C:\Windows\Tasks\Chromium.job [346] O39 - APT: Chromium - (...) -- C:\Windows\System32\Tasks\Chromium [346] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078] O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082] O39 - APT: LHTFVNWO1 - (.LolliScan.) -- C:\Windows\Tasks\LHTFVNWO1.job [346] =>Adware.Graftor O39 - APT: LHTFVNWO1 - (.LolliScan.) -- C:\Windows\System32\Tasks\LHTFVNWO1 [346] =>Adware.Graftor ~ Scheduled Task: 42 Legitimates Filtered in 00mn 08s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (scfd_1_10_0_16) . (.SuperClick - SC Driver x64.) - C:\Windows\System32\drivers\scfd_1_10_0_16.sys =>PUP.SuperClick O41 - Driver: ({0c0d086c-f4c2-47a4-86b9-399124476953}w64) . (.StdLib - StdLib.) 
- C:\Windows\System32\drivers\{0c0d086c-f4c2-47a4-86b9-399124476953}w64.sys =>PUP.LinkiDoo ~ Drivers: 44 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: KMSpico - (...) [HKLM][64Bits] -- {8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 =>PUA.KMSpico O42 - Logiciel: LolliScan - (...) [HKLM][64Bits] -- LolliScan =>Adware.Graftor O42 - Logiciel: Primary Color - (.Primary Color.) [HKLM][64Bits] -- Primary Color =>Adware.Sambreel O42 - Logiciel: SuperClick 1.10.0.16 - (.SuperClick.) [HKLM][64Bits] -- SuperClick_1.10.0.16 =>PUP.SuperClick ~ Logic: 30 Legitimates Filtered in 00mn 02s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ArenaHD] =>PUP.CrossRider [HKCU\Software\ClkApp] [HKCU\Software\Clubic] [HKCU\Software\Easy Speed Check] [HKCU\Software\Gameo] =>PUP.Gameo [HKCU\Software\HighDefAction] =>PUP.CrossRider [HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions [HKCU\Software\Primary Color] =>Adware.Sambreel [HKCU\Software\ProductSetup] =>Adware.InstallCore [HKCU\Software\Reimage] =>Rogue.ReimageRepair [HKCU\Software\SmileysWeLove] =>Adware.SmileyBar [HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer [HKCU\Software\TutoTag] =>PUP.AgenceExclusive [HKCU\Software\Tutorials] =>PUP.AgenceExclusive [HKCU\Software\YorkNewCin] =>PUP.CrossRider [HKLM\Software\HighDefAction] =>PUP.CrossRider [HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions [HKLM\Software\LolliScan] =>Adware.Graftor [HKLM\Software\Reimage] =>Rogue.ReimageRepair [HKLM\Software\Wow6432Node\1483dc53-8c3e-f4a2-39f4-14409ad9da43] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Cinema Video 1.8V31.05] [HKLM\Software\Wow6432Node\HD4Good] [HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider [HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions [HKLM\Software\Wow6432Node\Internet Speed Checker] =>PUP.InternetSpeedChecker [HKLM\Software\Wow6432Node\MaxPower] [HKLM\Software\Wow6432Node\PJ] [HKLM\Software\Wow6432Node\Primary Color] 
=>Adware.Sambreel [HKLM\Software\Wow6432Node\WXLITE] [HKLM\Software\Wow6432Node\WinPj] [HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider [HKLM\Software\YorkNewCin] =>PUP.CrossRider ~ Key Software: 344 Legitimates Filtered in 00mn 02s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04-06-15 - 17:37:46 - [] ----D C:\Program Files (x86)\Cinema Video 1.8V31.05 O43 - CFD: 04-06-15 - 17:42:31 - [] ----D C:\Program Files (x86)\FlashControl O43 - CFD: 04-06-15 - 17:43:34 - [] ----D C:\Program Files (x86)\HD4Good O43 - CFD: 04-06-15 - 17:44:19 - [] ----D C:\Program Files (x86)\Internet Speed Checker =>PUP.InternetSpeedChecker O43 - CFD: 04-06-15 - 17:45:02 - [] ----D C:\Program Files (x86)\PericELeuss =>PUP.PriceLess O43 - CFD: 04-06-15 - 17:45:02 - [] ----D C:\Program Files (x86)\PriceoMinus =>PriceMinus O43 - CFD: 04-06-15 - 18:50:49 - [] ----D C:\Program Files (x86)\Primary Color =>Adware.Sambreel O43 - CFD: 01-06-15 - 01:18:51 - [] ----D C:\Program Files (x86)\SuperClick_1.10.0.16 =>PUP.SuperClick O43 - CFD: 31-05-15 - 22:45:18 - [] ----D C:\Program Files (x86)\version13CheckMeUp =>PUP.CrossRider O43 - CFD: 01-06-15 - 02:21:13 - [] ----D C:\ProgramData\15928482670229230692 O43 - CFD: 01-06-15 - 00:53:17 - [] ----D C:\ProgramData\19c9a96d00003f9e O43 - CFD: 31-05-15 - 23:23:43 - [] ----D C:\ProgramData\3517978400006b0f O43 - CFD: 31-05-15 - 22:45:22 - [] ----D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 O43 - CFD: 04-06-15 - 13:57:05 - [] ----D C:\ProgramData\boost_interprocess O43 - CFD: 01-06-15 - 00:56:41 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 O43 - CFD: 31-05-15 - 22:51:56 - [] ----D C:\ProgramData\Ebninoja O43 - CFD: 04-06-15 - 18:51:18 - [] ----D C:\ProgramData\jkarallMG O43 - CFD: 31-05-15 - 22:46:05 - [] ----D C:\ProgramData\LolliScan =>Adware.Graftor O43 - CFD: 01-06-15 - 01:29:04 - [] ----D C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair O43 - CFD: 31-05-15 - 22:46:03 - [] ----D 
C:\ProgramData\WebShield =>Adware.WebShield O43 - CFD: 31-05-15 - 17:54:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico O43 - CFD: 04-11-14 - 08:52:38 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos O43 - CFD: 04-11-14 - 08:53:15 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools O43 - CFD: 01-06-15 - 01:28:33 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair O43 - CFD: 04-06-15 - 15:21:17 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection O43 - CFD: 18-03-14 - 11:38:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC O43 - CFD: 04-06-15 - 19:10:36 - [] ----D C:\Users\AnTo1o\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 01-06-15 - 00:48:16 - [] ----D C:\Users\AnTo1o\AppData\Roaming\smileyswelove =>Adware.SmileyBar O43 - CFD: 04-06-15 - 17:58:06 - [] ----D C:\Users\AnTo1o\AppData\Local\Gameo =>PUP.Gameo O43 - CFD: 31-05-15 - 16:56:37 - [0] ----D C:\Users\AnTo1o\AppData\Local\PackageStaging O43 - CFD: 04-06-15 - 15:07:27 - [] ----D C:\Users\AnTo1o\AppData\Local\WebShield =>Adware.WebShield ~ Program Folder: 204 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.ED85313B5C4822D76EE5D92100527BB5] - 01-06-15 - 00:29:28 ---A- . (...) -- C:\Windows\Reimage.ini [165] =>Rogue.ReimageRepair O44 - LFC:[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - 02-06-15 - 21:53:30 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16303] O44 - LFC:[MD5.0EEE2A1F716C29F14930B2F836BE7607] - 03-06-15 - 22:47:08 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0c0d086c-f4c2-47a4-86b9-399124476953}w64.sys [48784] =>PUP.LinkiDoo O44 - LFC:[MD5.406E76BE63C65E0BF4B263156320254E] - 04-06-15 - 12:08:53 ---A- . (...) 
-- C:\Windows\System32\ScannerSettings [464] O44 - LFC:[MD5.114CA3EAFBB2A8F1E2B4BC7B7DB5F756] - 04-06-15 - 12:18:02 ---A- . (...) -- C:\Windows\System32\ScanResults.xml [5547] O44 - LFC:[MD5.4F42D0CE252EB958DB6EDC3FF6C0BF7E] - 04-06-15 - 12:53:07 ---A- . (...) -- C:\Windows\System32\Drivers\BCM43142A0_001.001.011.0277.0289.hex [57657] O44 - LFC:[MD5.9D17F78BB04A3EF67426AFD087660188] - 04-06-15 - 14:12:31 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [410017] O44 - LFC:[MD5.642F3511FE93D92C062C7CF6CE6E3075] - 04-06-15 - 18:57:18 ---A- . (...) -- C:\Windows\win.ini [301] O44 - LFC:[MD5.1DAA514FDC61ABF63AC7EBA3C2D1095C] - 27-05-15 - 11:48:20 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [4408727] O44 - LFC:[MD5.8AC1617AB2D28FEB6AA7A99CD519E507] - 28-05-15 - 08:04:11 ---A- . (...) -- C:\Windows\System32\nvcompiler.dll [42719888] O44 - LFC:[MD5.B887A34F4D7F6BC0446A397DF2088B77] - 28-05-15 - 08:04:11 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [30966] O44 - LFC:[MD5.8A63A03AE53A58DCD77C31B5DD1D591A] - 31-05-15 - 15:51:33 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [118] O44 - LFC:[MD5.FB1F46900FBE595AA662E86E5C460FC1] - 31-05-15 - 15:51:57 ---A- . (...) -- C:\Windows\insFileSpec [205] O44 - LFC:[MD5.3D733144477CADCF77009EF614413630] - 31-05-15 - 16:54:16 ---A- . (.Vestris Inc. - ResourceLib.) -- C:\Windows\System32\Vestris.ResourceLib.dll [90112] O44 - LFC:[MD5.6D7FDBF9CEAC51A76750FD38CF801F30] - 31-05-15 - 16:54:30 ---A- . (...) -- C:\Windows\SECOH-QAD.dll [3584] =>PUA.KMSpico O44 - LFC:[MD5.38DE5B216C33833AF710E88F7F64FC98] - 31-05-15 - 16:54:30 ---A- . (...) -- C:\Windows\SECOH-QAD.exe [4608] =>PUA.KMSpico O44 - LFC:[MD5.2BF3E96EDD18C8F746D2D9B9C85240C6] - 31-05-15 - 23:48:07 ---A- . (...) 
-- C:\browserhelper.log [1711] ~ Files: 239 Legitimates Filtered in 00mn 59s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.CD3A8D62C2E8404B4E0CF607C824EA87] - 05-06-15 - 02:33:51 ---A- - C:\Windows\Prefetch\LOLLISCAN.EXE-24A984AD.pf =>Adware.Graftor O45 - LFCP:[MD5.8FC90F1BDE80DB9451880326C9C01FD3] - 31-05-15 - 23:49:49 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-352DDA76.pf =>PUP.OptimizerPro O45 - LFCP:[MD5.C0125BC018174CEEA8E8F6E10F2CD27A] - 05-06-15 - 02:51:44 ---A- - C:\Windows\Prefetch\PERFORMANCEOPTIMIZER.EXE-23A96D70.pf =>PUP.PerformanceOptimizer O45 - LFCP:[MD5.72B39E5DC0706CB2B0DB2885617035F6] - 04-06-15 - 16:52:34 ---A- - C:\Windows\Prefetch\PRIMARYCOLOR.PURBROWSE64.EXE-6CE6ED67.pf =>Adware.Sambreel O45 - LFCP:[MD5.D2EA7E427272D70836E63437884E8A85] - 05-06-15 - 02:32:41 ---A- - C:\Windows\Prefetch\SECOH-QAD.EXE-1841CCFD.pf =>PUA.KMSpico O45 - LFCP:[MD5.9EDEDFACBDF8327DA82DB0B16C5A87D8] - 01-06-15 - 00:52:46 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-7FC70E3F.pf =>P2P.µTorrent O45 - LFCP:[MD5.7E5B933B188E5F3DF84EA078D7A59C43] - 31-05-15 - 16:14:49 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-DEE7534F.pf =>P2P.µTorrent ~ Prefetcher: 7 Legitimates Filtered in 00mn 01s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 3 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:13-08-13 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624] O58 - SDL:13-05-15 - 20:08:16 ---A- . 
(.SuperClick - SC Driver x64.) -- C:\Windows\System32\Drivers\scfd_1_10_0_16.sys [58240] =>PUP.SuperClick O58 - SDL:22-08-13 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072] O58 - SDL:15-08-14 - 21:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:03-06-15 - 22:47:08 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{0c0d086c-f4c2-47a4-86b9-399124476953}w64.sys [48784] =>PUP.LinkiDoo ~ Drivers: 70 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 02-06-15 - 04:25:08 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\libegl.dll [75264] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\libexif.dll [308224] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\libglesv2.dll [1805312] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\chrome.dll [39406592] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\chrome_child.dll [43344896] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\chrome_elf.dll [124416] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\chrome_watcher.dll [355328] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\delegate_execute.exe [683520] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) 
-- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\ffmpegsumo.dll [961536] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\metro_driver.dll [487424] O61 - LFC: 02-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\nacl64.exe [2286080] O61 - LFC: 02-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\natives_blob.bin [396318] O61 - LFC: 02-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\snapshot_blob.bin [431680] O61 - LFC: 02-06-15 - 04:25:09 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\chrome.exe [659456] O61 - LFC: 04-06-15 - 04:25:08 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\Installer\uninstall.exe [546816] O61 - LFC: 04-06-15 - 04:25:08 ---A- . (.The Chromium Authors.) -- C:\Users\AnTo1o\AppData\Local\Chromium\Application\45.0.2420.0\Installer\setup.exe [928768] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Ads.BackgroundStyles_8_1_RP-9f980e6d.dll [12248] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Local\Multimedia.ImageDetails.dll [18392] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\ModernApplications.AppStoreItem_8_1_RTM-b18e1027.dll [11736] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\ModernApplications.AppStoreSingleLayout_Landscape_8_1_RP-e50a2a67.dll [12760] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) 
-- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\ModernApplications.AppStoreSingleLayout_Portrait_8_1_RP-1f4469d2.dll [12760] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\ModernApplications.AppStoreSingleLayout_Snap_8_1_RP-936e182b.dll [12760] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\MsnJVData.Video_Styles_8_1_RTM-9da0e9ee.dll [10712] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.EntryAnswer_Landscape_8_1_RP-9d7f86a9.dll [11736] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.EntryAnswer_Portrait_8_1_RP-e2820368.dll [11736] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.EntryAnswer_Snap_8_1_RP-28755c71.dll [11736] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.ImageAnswer_Horizontal_8_1_RTM-dce2a546.dll [11736] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.ImageAnswer_Vertical_8_1_RTM-4d5d3c50.dll [12248] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Multimedia.ImageDetails_RTM-645d8117.dll [18392] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\QuerySuggestion.Home_Horizontal_8_1_RP-bb56e430.dll [10712] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) 
-- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\QuerySuggestion.Home_Vertical_8_1_RP-a4518597.dll [10712] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\QuerySuggestion.ListItem_8_1_RP-cfced051.dll [10712] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.AccentColorStyles_8_1_RP-f16782e7.dll [13272] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.AppButton_8_1_RP-df2cf5e1.dll [12760] O61 - LFC: 04-06-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.Branding_8_1_RTM-1aa170b9.dll [15320] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.ButtonStyles_8_1_SpringGDR-ff8d7ba7.dll [25560] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.FactsList_8_1_RP-bf695b40.dll [15320] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.GridViewStyles_8_1_SpringGDR-deacc251.dll [30680] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.HeroStyles_8_1_RTM-45ef23fc.dll [23000] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.ImageStyles_8_1_SpringGDR-1e013bca.dll [12248] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.List_8_1_RTM-dddcb8a3.dll [17880] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) 
-- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.NullableImageWithCustomBackground_8_1_SpringGDR-ed3aa063.dll [11224] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.NullableImage_8_1_SpringGDR-61977366.dll [11224] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.Rating_8_1_RP-5b672b01.dll [11736] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.SerpAnswerBlock_FocusOnly_8_1_RP-8920ab69.dll [14808] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.SerpAnswerBlock_Selectable_8_1_RP-50f23571.dll [14808] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.SerpAnswerBlock_Suppressed_8_1_RP-9749e2bf.dll [14296] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.SerpGridViewStyles_8_1_RTM-585bfba1.dll [23512] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Shared.TextStyles_8_1_SpringGDR-bc62340a.dll [35800] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.Algo_Generic_8_1_RP-473969cf.dll [11224] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.AppifiedAlgo_Landscape_8_1_RP-093821dc.dll [13272] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.AppifiedAlgo_Portrait_8_1_RP-f96819b8.dll [14296] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) 
-- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.AppifiedAlgo_VerticalNarrow_8_1_RP-92e040cb.dll [12248] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.MetadataWithoutSuffix_8_1_RP-9fcd7344.dll [11224] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.RichAlgo_Landscape_8_1_RP-30e0ff7c.dll [11224] O61 - LFC: 04-06-15 - 04:25:10 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates\Web.RichAlgo_Portrait_8_1_RP-9812756d.dll [11736] O61 - LFC: 04-06-15 - 04:25:14 ---A- . (...) -- C:\Users\AnTo1o\MAJ2\BTW12.0.1.170_Win8x_USB_ASUS\Win32\Inst.exe [261888] O61 - LFC: 04-06-15 - 04:25:15 ---A- . (...) -- C:\Users\AnTo1o\MAJ2\BTW12.0.1.170_Win8x_USB_ASUS\Win64\Inst.exe [261888] O61 - LFC: 31-05-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Internet Explorer\UrlBlockManager\urlblocklist.bin [0] O61 - LFC: 31-05-15 - 04:25:09 ---A- . (...) -- C:\Users\AnTo1o\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [411415] ~ 84 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 125 Legitimates Filtered in 00mn 07s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (e) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {2f23ab71-4ac6-41f2-a955-ea576e553146} [DefaultScope] - (Search Provided by Yahoo) - http://us.yhs4.search.yahoo.comDtGyCtDyE0DtBtBtAzyyDzz0F0F2QtN0A0LzuyE%26cr%3D1930496419%26a%3Dwny_tele_15_23%26os%3DWindows 8.1&p={searchTerms} O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (istartsurf) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {4767FC05-5431-40DF-88BD-C994035896A5} - (Propositions de recherche Amazon.fr) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {4aebadac-e28a-4d87-af90-492c7b7f9d5b} - (Search) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} - (WebSearch) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.istartsurf.com =>PUP.Istart O69 - SBI: SearchScopes [HKCU] {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - (Search Provided by Yahoo) - http://us.yhs4.search.yahoo.com0E0DyByCtDyDzztDyCyEyBtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBzyzy%26cr%3D834297441%26a%3Dwncy_clu_15_23%26os%3DWindows 8.1&p={searchTerms} ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection Rogue (SRI) (O86) O43 - CFD: 31-05-15 - 22:45:22 - [] ----D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 ~ Files: Scanned in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{C564251D-52E5-4547-80AB-51DF10FDD8E2}" | In - None - P6 - TRUE | 
.(.BitTorrent Inc. - µTorrent.) -- C:\Users\AnTo1o\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{54462087-E5A9-4D10-8D84-E5DE045F30DE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\AnTo1o\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 2 Legitimates Filtered in 00mn 04s ---\\ Export de clés de registre aléatoires (O91) [HKLM\Software\Wow6432Node\23204_2015/06/01]:last="13077591657446" ~ Export Key Software: Scanned in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE} O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B} O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA} O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C} O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0} O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641} ~ MNS: 6 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASAPI32 =>PUP.PerformanceOptimizer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASMANCS =>PUP.PerformanceOptimizer HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASAPI32 =>PUP.SuperClick HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SuperClickAutoUpdateClient_RASMANCS =>PUP.SuperClick ~ BTK: 27 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 31-05-15 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 22-04-15 827640 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe SS - | Auto 22-04-15 1185584 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe SS - | Auto 13-11-13 2251992 | (BcmBtRSupport) . (.Broadcom Corporation..) 
- C:\Windows\System32\BtwRSupportService.exe SS - | Demand 07-10-14 279144 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 24-04-14 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 04-06-15 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04-06-15 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 24-04-12 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe SS - | Demand 13-05-14 887256 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe SS - | Demand 06-04-15 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 09-04-14 174368 | (iumsvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe SS - | Demand 24-04-15 625640 | (Lenovo EasyPlus Hotspot) . (.Lenovo.) - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe SS - | Demand 14-05-15 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Disabled 18-02-15 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Auto 22-08-13 37768 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 22-04-15 434424 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\sched.exe SR - | Auto 22-04-15 434424 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe SR - | Auto 19-01-15 77128 | (Apple Mobile Device Service) . (.Apple Inc..) 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 21-05-15 208632 | (Avira.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe SR - | Auto 30-08-11 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21-11-14 978688 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\ASUS\Bluetooth Software\btwdins.exe SR - | Auto 25-08-14 255040 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe SR - | Auto 28-05-15 1152656 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe SR - | Auto 01-08-14 93184 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co SR - | Demand 19-05-14 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe SR - | Auto 23-07-13 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe SR - | Auto 09-10-14 569608 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe SR - | Auto 04-12-14 19184 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe SR - | Auto 07-10-14 328296 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe SR - | Auto 03-09-14 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe SR - | Auto 03-09-14 154584 | (jhi_service) . (.Intel Corporation.) 
- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 03-09-14 405976 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 04-06-15 2823296 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 28-05-15 1893008 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 28-05-15 23006864 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 28-05-15 937288 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 28-03-14 88064 | (omniserv) . (.Softex Inc..) - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe SR - | Auto 14-01-15 7410024 | (ReimageRealTimeProtector) . (.Reimage®.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair SR - | Auto 14-04-14 389896 | (RichVideo64) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe SR - | Auto 04-09-14 292568 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe SR - | Auto 13-05-15 278616 | (scsvc_1.10.0.16) . (.SuperClick.) - C:\Program Files (x86)\SuperClick_1.10.0.16\Service\scsvc.exe =>PUP.SuperClick SR - | Auto 15-10-14 435064 | (SecureLine) . (...) - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe SR - | Auto 02-02-15 971968 | (Service KMSELDI) . (.@ByELDI.) - C:\Program Files\KMSpico\Service_KMS.exe =>PUA.KMSpico SR - | Auto 17-06-14 191728 | (SynTPEnhService) . (.Synaptics Incorporated.) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe SR - | Auto 15-05-15 2967864 | (TuneUp.UtilitiesSvc) . (.AVG Technologies.) - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe SR - | Demand 22-07-58 0 | (WdNisSvc) . (...) 
- C:\Program Files (x86)\Windows Defender\NisSrv.exe SR - | Demand 22-07-58 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 22-07-58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 31s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by AnTo1o at 05-06-15 04:28:03 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by AnTo1o at 05-06-15 04:28:05 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13008 - (31-05-15) Clés trouvées (Keys found) : 20 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 15 Fichiers trouvés (Files found) : 25 [HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector] =>Rogue.ReimageRepair^ [HKLM\SYSTEM\CurrentControlSet\Services\scsvc_1.10.0.16] =>PUP.SuperClick^ [HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI] =>PUA.KMSpico^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1] =>PUA.KMSpico^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan] =>Adware.Graftor^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Primary Color] =>Adware.Sambreel^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SuperClick_1.10.0.16] =>PUP.SuperClick^ [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider 
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider [HKCU\Software\Reimage] =>Rogue.ReimageRepair [HKLM\Software\Reimage] =>Rogue.ReimageRepair [HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider [HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^ C:\Users\AnTo1o\AppData\Roaming\Mozilla\Firefox\Profiles\6e0k8l2o.default\extensions\tk@SgKYI.com =>PUP.PriceLess^ C:\Program Files (x86)\Internet Speed Checker =>PUP.InternetSpeedChecker^ C:\Program Files (x86)\PericELeuss =>PUP.PriceLess^ C:\Program Files (x86)\Primary Color =>Adware.Sambreel^ C:\Program Files (x86)\SuperClick_1.10.0.16 =>PUP.SuperClick^ C:\Program Files (x86)\version13CheckMeUp =>PUP.CrossRider^ C:\ProgramData\LolliScan =>Adware.Graftor^ C:\ProgramData\Reimage Protector =>Rogue.ReimageRepair^ C:\ProgramData\WebShield =>Adware.WebShield^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUA.KMSpico^ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>Rogue.ReimageRepair^ C:\Users\AnTo1o\AppData\Roaming\OpenCandy =>Adware.OpenCandy^ C:\Users\AnTo1o\AppData\Roaming\smileyswelove =>Adware.SmileyBar^ C:\Users\AnTo1o\AppData\Local\Gameo =>PUP.Gameo^ C:\Users\AnTo1o\AppData\Local\WebShield =>Adware.WebShield^ C:\Program Files\KMSpico\AutoPico.exe =>PUA.KMSpico^ C:\ProgramData\LolliScan\LolliScan.exe =>Adware.Graftor^ C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe =>Rogue.ReimageRepair^ C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>Rogue.ReimageRepair^ C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe =>PUP.SuperClick^ C:\Windows\Tasks\LHTFVNWO1.job =>Adware.Graftor^ 
C:\Windows\System32\Tasks\LHTFVNWO1 =>Adware.Graftor^ [HKCU\Software\ArenaHD] =>PUP.CrossRider^ [HKCU\Software\Gameo] =>PUP.Gameo^ [HKCU\Software\HighDefAction] =>PUP.CrossRider^ [HKCU\Software\Primary Color] =>Adware.Sambreel^ [HKCU\Software\ProductSetup] =>Adware.InstallCore^ [HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^ [HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^ [HKCU\Software\TutoTag] =>PUP.AgenceExclusive^ [HKCU\Software\YorkNewCin] =>PUP.CrossRider^ [HKLM\Software\HighDefAction] =>PUP.CrossRider^ [HKLM\Software\LolliScan] =>Adware.Graftor^ [HKLM\Software\Wow6432Node\1483dc53-8c3e-f4a2-39f4-14409ad9da43] =>PUP.CrossRider^ [HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider^ [HKLM\Software\Wow6432Node\Internet Speed Checker] =>PUP.InternetSpeedChecker^ [HKLM\Software\Wow6432Node\Primary Color] =>Adware.Sambreel^ [HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider^ [HKLM\Software\YorkNewCin] =>PUP.CrossRider^ C:\Windows\Reimage.ini =>Rogue.ReimageRepair ~ Additionnel Scan: 358655 Items scanned in 00mn 45s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ AMI: 2 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://www.nicolascoolman.fr/blog/ =>PriceMinus http://www.nicolascoolman.fr/blog/ =>PUP.PriceLess http://www.nicolascoolman.fr/blog/ =>PUP.Istart http://nicolascoolman.fr/rogue-reimagerepair =>Rogue.ReimageRepair http://www.nicolascoolman.fr/blog/ =>PUP.SuperClick http://nicolascoolman.fr/pup-kmspico =>PUA.KMSpico http://nicolascoolman.fr/pup-probitsoftware =>PUP.ProbitSoftware http://www.nicolascoolman.fr/blog/ =>PUP.Gameo http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup http://www.nicolascoolman.fr/blog/ =>Adware.Graftor 
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo http://www.nicolascoolman.fr/blog/ =>Adware.Sambreel http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive http://nicolascoolman.fr/pup-internetspeedchecker =>PUP.InternetSpeedChecker http://www.nicolascoolman.fr/blog/ =>Adware.WebShield http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro http://www.nicolascoolman.fr/blog/ =>PUP.PerformanceOptimizer http://nicolascoolman.fr/pup-v9software =>PUP.V9Software http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster http://www.nicolascoolman.fr/blog/ =>PUP.Conduit ~ MSI: 27 link(s) detected in 00mn 00s ~ 1143 Legitimates filtered by white list End of the scan (764 lines in 05mn 31s)(0.10)