- ~ Rapport de ZHPDiag v2014.11.3.157 - Nicolas Coolman (03/11/2014)
- ~ Lancé par Vincent (03/11/2014 19:59:17)
- ~ Adresse du Site Web http://nicolascoolman.fr
- ~ Adresse du Forum http://forum.nicolascoolman.fr
- ~ Traduit par Nicolas Coolman
- ~ Etat de la version : Version à jour.
- ~ Liste blanche : Activée par le programme
- ~ Elévation des Privilèges : OK
- ~ User Account Control (UAC): Activate by user
- ---\\ Navigateurs Internet
- MSIE: Internet Explorer v11.0.9600.17358
- MFIE: Mozilla Firefox 32.0.3
- ---\\ Informations sur les produits Windows
- ~ Langage: Français
- Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
- Windows Server License Manager Script : OK
- Software Protection Service (Protection logicielle) : KO
- Windows Automatic Updates : OK
- Windows Activation Technologies : OK
- ---\\ Logiciels de protection du système
- Malwarebytes Anti-Malware version 2.0.3.1025
- Microsoft Security Client v4.6.0305.0
- Spybot - Search & Destroy v2.3.39
- Windows Defender W7 (Deactivate)
- ---\\ Logiciels d'optimisation du système
- CCleaner v4.04
- ---\\ Logiciels de partage PeerToPeer
- Pando Media Booster v2.6.0.7
- qBittorrent 3.1.10 v3.1.10 =>P2P.BitTorrent
- ---\\ Surveillance de Logiciels
- Adobe Flash Player 15 Plugin
- Adobe Reader X
- Java 7 Update 67 (64-bit)
- ---\\ Informations sur le système
- ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
- ~ Operating System: 64 Bits
- Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
- Total RAM: 12258 MB (85% free)
- System Restore: Activé (Enable)
- System drive C: has 209 GB (44%) free of 466 GB
- ---\\ Mode de connexion au système
- ~ Computer Name: THEO-PC
- ~ User Name: Vincent
- ~ All Users Names: Vincent, HomeGroupUser$, Guest, Administrator, Admin,
- ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
- Logged in as Administrator
- ---\\ Variables d'environnement
- ~ System Unit : C:\
- ~ %AppZHP% : C:\Users\Vincent\AppData\Roaming\ZHP\
- ~ %AppData% : C:\Users\Vincent\AppData\Roaming\
- ~ %Desktop% : C:\Users\Vincent\Desktop\
- ~ %Favorites% : C:\Users\Vincent\Favorites\
- ~ %LocalAppData% : C:\Users\Vincent\AppData\Local\
- ~ %StartMenu% : C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\
- ~ %Windir% : C:\Windows\
- ~ %System% : C:\Windows\System32\
- ---\\ Enumération des unités disques
- C: Hard drive, Flash drive, Thumb drive (Free 209 Go of 466 Go)
- D: CD-ROM drive (Not Inserted)
- E: CD-ROM drive (Not Inserted)
- ---\\ Etat du Centre de Sécurité Windows
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
- [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
- ~ Security Center: 47 Legitimates Filtered in 00mn 00s
- ---\\ Recherche particulière de fichiers génériques
- [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
- [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
- [MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/09/2014 - 01:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
- [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
- [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
- [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
- [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
- [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
- [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
- [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
- [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
- [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
- [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
- [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
- [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
- [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
- [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
- [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
- [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
- [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
- [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
- [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
- ~ Generic Processes: Scanned in 00mn 00s
- ---\\ Etat des fichiers cachés (Caché/Total)
- ~ Mes images (My Pictures) : 2/2197
- ~ Mes Videos (My Videos) : 2/19
- ~ Mes Favoris (My Favorites) : 1/25
- ~ Mes Documents (My Documents) : 2/6300
- ~ Mon Bureau (My Desktop) : 3/35903
- ~ Menu demarrer (Programs) : 1/78
- ~ Hidden Files: Scanned in 01mn 07s
- ---\\ Processus lancés
- [MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1988]
- [MD5.9ED34A82F8FBF6001F127420834DD793] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118784] [PID.1840]
- ~ Processes Running: Scanned in 00mn 00s
- ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Preferences
- G0 - GCSP: Preference [User Data\Default][StartupURLs] http://rocket-find.com/?f=7&a=rckt_tele_14_26_ie&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtCyCtB0EtDtByEtCyByEtN0D0Tzu0SzytCtDtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0ByEyCtCtAzz0FtGyDyD0FtCtG0CyD0DzytGyBtDyDyEtGtA0CyBzy0DzztCyC0E0DtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzzzz0EyCtDtAyEtG0AyEtC0EtGyDzztC0EtG0BtA0BzztGtC0E0EzztDyC0E0B0AtB0E0A2Q&cr=1015898465&ir= =>PUP.RockTurner
- G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
- G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
- G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
- G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
- G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
- ---\\ Liste des dossiers d'extension Google Chrome
- ~ Google Lines Browser: 24 Legitimates Filtered in 00mn 00s
- ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
- P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
- ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
- R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
- ~ IE Browser: 23 Legitimates Filtered in 00mn 00s
- ---\\ Internet Explorer, Proxy Management (R5)
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
- R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
- ~ Proxy management: Scanned in 00mn 00s
- ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
- F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
- F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
- F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
- F3 - REG:win.ini: load=C:\Users\Vincent\AppData\Local\temp\WorkspaceRuntime\wksprt.exe
- ~ Keys: Scanned in 00mn 00s
- ---\\ Hosts file redirection (O1)
- ~ Le fichier hôte est sain (The hosts file is clean) (15518)
- ~ Hosts File: Scanned in 00mn 05s
- ---\\ Autres liens utilisateurs (O4)
- O4 - GS\QuickLaunch [Vincent]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
- O4 - GS\QuickLaunch [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O4 - GS\Desktop [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O4 - GS\QuickLaunch [Admin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
- O4 - GS\QuickLaunch [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O4 - GS\TaskBar [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
- O4 - GS\Program [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
- O4 - GS\SystemTools [Admin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
- O4 - GS\Desktop [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
- O4 - GS\Desktop [Admin]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
- O4 - GS\Desktop [Admin]: Torntv Downloader.lnk . (...) -- C:\Users\Admin\AppData\Roaming\TornTV.com\TornTV.exe (.not file.) =>Hijacker.TornTV
- O4 - GS\Desktop [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Global Startup: 13 Legitimates Filtered in 00mn 06s
- ---\\ Applications lancées au démarrage du système (O4)
- O4 - GS\Startup [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
- O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
- O4 - HKCU\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
- O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
- O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
- O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
- ~ Application: Scanned in 00mn 00s
- ---\\ Modification Domaine/Adresses DNS (O17)
- O17 - HKLM\System\CCS\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CCS\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
- O17 - HKLM\System\CS1\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CS1\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
- O17 - HKLM\System\CS2\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
- O17 - HKLM\System\CS2\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
- ~ Domain: Scanned in 00mn 00s
- ---\\ Protocole additionnel (O18)
- O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
- ~ Protocole Additionnel: Scanned in 00mn 00s
- ---\\ Enumère les données de BootExecute (BEX) (O34)
- O34 - HKLM BootExecute: (¤¥lw) - File not found
- ~ BEX: 2 Legitimates Filtered in 00mn 00s
- ---\\ Tâches planifiées en automatique (O39)
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
- O39 - APT: - (..) -- C:\Windows\Tasks\DriverToolkit Autorun.job [362]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [362]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 3 [340]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000Core [1034]
- O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000UA [1086]
- ~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s
- ---\\ Logiciels installés (O42)
- O42 - Logiciel: AdfBotPro 3.3.1 Final - (.Wss Ltd.) [HKLM][64Bits] -- {E24F9D84-DF31-44A0-BC30-A97C42C99282}
- O42 - Logiciel: Algodoo v2.1.0 - (.Algoryx.) [HKLM][64Bits] -- Algodoo_is1
- O42 - Logiciel: Cash4You version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {BFF06DE4-6892-47D1-A942-331611658D47}_is1
- O42 - Logiciel: Cash4You version Beta 1.2 - (.Havanna, Inc..) [HKLM][64Bits] -- {6D4E0E05-6A35-42FF-BFE8-833EB35FAFF5}_is1
- O42 - Logiciel: Cash4you version Beta 1.0 - (.Havanna, Inc..) [HKLM][64Bits] -- {16A1957A-D873-44EB-AF8D-26E9417A11DA}_is1
- O42 - Logiciel: Cash4you version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {F555A312-2778-47A9-893A-D3067CDFF7A4}_is1
- O42 - Logiciel: Devis Facture Express LIGHT - (.SARL P2F.) [HKLM][64Bits] -- Devis Facture Express LIGHT_is1
- O42 - Logiciel: Gold Barre - (...) [HKLM][64Bits] -- Gold Barre =>Toolbar.GoldBarre
- O42 - Logiciel: PBO Manager v.1.4 beta - (. .) [HKLM][64Bits] -- {127B5371-1802-4EDD-A25A-A43BF761D383}
- O42 - Logiciel: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
- O42 - Logiciel: Setup Generator Pro - (...) [HKLM][64Bits] -- Setup Generator Pro
- O42 - Logiciel: Smart Port Forwarding - (.Brooks Younce Software.) [HKLM][64Bits] -- Smart Port Forwarding
- O42 - Logiciel: Space Engineers - (...) [HKLM][64Bits] -- Steam App 244850
- O42 - Logiciel: Techne - (.ZeuX and r4wk.) [HKCU][64Bits] -- 244a1e8693fd9c7e
- O42 - Logiciel: TexView 2 Uninstall - (...) [HKLM][64Bits] -- TexView 2
- O42 - Logiciel: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
- O42 - Logiciel: Visitor 3 Uninstall - (...) [HKLM][64Bits] -- Visitor 3
- O42 - Logiciel: VoiceAttack - (.VoiceAttack.com.) [HKLM][64Bits] -- {6D027600-7BF6-4074-B64B-ABA638D3A976}
- ~ Logic: 27 Legitimates Filtered in 00mn 00s
- ---\\ HKCU & HKLM Software Keys
- [HKCU\Software\BitComet] =>P2P.BitComet
- [HKCU\Software\Code Industry]
- [HKCU\Software\DefaultCompany]
- [HKCU\Software\Freejam]
- [HKCU\Software\GetPrivate]
- [HKCU\Software\Mouse]
- [HKCU\Software\Obviously Nice]
- [HKCU\Software\Pando Networks]
- [HKCU\Software\Siding]
- [HKCU\Software\Smartly Dressed Games]
- [HKCU\Software\TR12]
- [HKCU\Software\VoiceAttack.com]
- [HKCU\Software\iLLectronic]
- [HKCU\Software\yarpen.cz]
- [HKLM\Software\PBOManager]
- [HKLM\Software\Wow6432Node\IncrediMail]
- [HKLM\Software\Wow6432Node\Pando Networks]
- [HKLM\Software\Wow6432Node\id]
- [HKLM\Software\Wow6432Node\x2goclient]
- ~ Key Software: 639 Legitimates Filtered in 00mn 00s
- ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
- O43 - CFD: 28/06/2014 - 20:44:00 - [] ----D C:\Program Files (x86)\Algodoo
- O43 - CFD: 31/08/2014 - 00:29:38 - [] ----D C:\Program Files (x86)\BF2Hub Client
- O43 - CFD: 14/09/2014 - 13:32:08 - [] ----D C:\Program Files (x86)\Cash4You
- O43 - CFD: 20/10/2014 - 04:02:33 - [] ----D C:\Program Files (x86)\DFELIGHT
- O43 - CFD: 08/08/2013 - 11:38:06 - [] ----D C:\Program Files (x86)\LS_Duhem
- O43 - CFD: 28/10/2011 - 21:44:47 - [] ----D C:\Program Files (x86)\Pando Networks
- O43 - CFD: 12/09/2014 - 19:45:35 - [] ----D C:\Program Files (x86)\Setup Generator Pro
- O43 - CFD: 26/12/2013 - 17:43:56 - [] ----D C:\Program Files (x86)\Smart Port Forwarding
- O43 - CFD: 05/04/2014 - 13:47:07 - [] ----D C:\Program Files (x86)\Teleport Pro
- O43 - CFD: 01/11/2014 - 22:18:23 - [] ----D C:\Program Files (x86)\VoiceAttack
- O43 - CFD: 08/01/2013 - 23:07:22 - [] ----D C:\Program Files (x86)\Wamp backup
- O43 - CFD: 10/09/2014 - 15:50:39 - [0] ----D C:\Program Files (x86)\Wss Ltd
- O43 - CFD: 29/08/2013 - 18:31:43 - [] ----D C:\Program Files (x86)\Common Files\VST2
- O43 - CFD: 16/06/2014 - 17:31:55 - [] ----D C:\ProgramData\662ad8c6a9989723
- O43 - CFD: 21/12/2013 - 15:56:00 - [] ----D C:\ProgramData\Generator
- O43 - CFD: 31/10/2014 - 05:04:43 - [0] ----D C:\ProgramData\LumaEmu_SteamCloud
- O43 - CFD: 15/11/2013 - 22:49:16 - [0] ----D C:\ProgramData\SpeedBit
- O43 - CFD: 20/09/2013 - 23:16:33 - [] ----D C:\Users\Vincent\AppData\Roaming\.aether
- O43 - CFD: 16/05/2014 - 23:07:47 - [] ----D C:\Users\Vincent\AppData\Roaming\.DeepCraft
- O43 - CFD: 02/09/2014 - 17:38:07 - [] ----D C:\Users\Vincent\AppData\Roaming\.StarMade
- O43 - CFD: 02/11/2013 - 01:21:50 - [] ----D C:\Users\Vincent\AppData\Roaming\.technic
- O43 - CFD: 09/03/2013 - 14:53:24 - [] ----D C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet
- O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_Datas
- O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_User
- O43 - CFD: 12/07/2014 - 18:39:56 - [] ----D C:\Users\Vincent\AppData\Roaming\OBS - Copie
- O43 - CFD: 15/05/2014 - 19:30:23 - [] ----D C:\Users\Vincent\AppData\Roaming\Spiritsoft
- O43 - CFD: 01/11/2014 - 15:28:42 - [] ----D C:\Users\Vincent\AppData\Roaming\VoiceAttack
- O43 - CFD: 22/06/2013 - 12:33:43 - [] ----D C:\Users\Vincent\AppData\Local\28050
- O43 - CFD: 05/10/2013 - 12:55:54 - [] ----D C:\Users\Vincent\AppData\Local\ACCCx2_1_2_232
- O43 - CFD: 06/05/2014 - 23:05:30 - [] ----D C:\Users\Vincent\AppData\Local\Arma2NET
- O43 - CFD: 05/05/2014 - 23:23:16 - [] ----D C:\Users\Vincent\AppData\Local\PboM
- O43 - CFD: 22/10/2014 - 12:00:36 - [0] ----D C:\Users\Vincent\AppData\Local\Techne
- O43 - CFD: 01/11/2014 - 15:23:15 - [] ----D C:\Users\Vincent\AppData\Local\VoiceAttack.com
- O43 - CFD: 03/06/2014 - 20:47:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
- O43 - CFD: 09/12/2013 - 18:44:52 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MMSSTV
- O43 - CFD: 05/05/2014 - 23:16:12 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
- O43 - CFD: 05/04/2014 - 13:47:05 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teleport Pro
- O43 - CFD: 02/10/2013 - 15:16:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZeuX and r4wk
- ~ 378 Dossier CLSID vide (CLSID Empty Folder)
- ~ Program Folder: 839 Legitimates Filtered in 00mn 20s
- ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
- O44 - LFC:[MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] - 02/11/2014 - 02:32:09 --H-- . (...) -- C:\Windows\System32\v.bat [384]
- O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21008]
- O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21008]
- O44 - LFC:[MD5.908B184763F5C3220B1EE683DD804924] - 03/11/2014 - 19:16:17 ---A- . (...) -- C:\Windows\ntbtlog.txt [602442]
- O44 - LFC:[MD5.417EFDD49625ADC5772F8B3577F9C194] - 03/11/2014 - 19:46:07 ----- . (...) -- C:\bootsqm.dat [3360]
- ~ Files: 39 Legitimates Filtered in 01mn 06s
- ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
- O51 - MPSK:{9ab8a211-7544-11e3-9d00-8c89a5162e02}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
- O51 - MPSK:{9ddf21d5-f794-11e0-8593-8c89a5162e02}\AutoRun\command. (...) -- F:\Installer.exe (.not file.)
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
- O52 - TDSD: \Drivers32\"VIDC.TMB2"="tmb2-v64.dll" . (...) -- C:\Windows\System32\tmb2-v64.dll
- O52 - TDSD: \drivers.desc\"tmb2-v64.dll"="PlayClaw 5 video decoder 64" . (...) -- C:\Windows\System32\tmb2-v64.dll
- ~ TDSD: 6 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
- O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (...) -- C:\Program Files (x86)\Overwolf\Overwolf.exe (.not file.)
- O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
- O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
- ~ SMSR Keys: 30 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
- O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
- O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
- ~ MWPS: 16 Legitimates Filtered in 00mn 00s
- ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
- O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
- ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s
- ---\\ Liste des pilotes du système (SDL) (O58)
- O58 - SDL:21/02/2011 - 10:09:14 ---A- . (.Pas de propriétaire - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872]
- O58 - SDL:19/10/2011 - 14:14:29 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
- O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
- O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
- O58 - SDL:09/06/2014 - 09:41:00 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [180136]
- O58 - SDL:16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
- O58 - SDL:19/10/2011 - 14:14:28 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
- O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
- O58 - SDL:29/08/2013 - 16:49:06 ---A- . (.NoMachine - NoMachine Audio Adapter.) -- C:\Windows\System32\Drivers\nxaudio.sys [17920]
- O58 - SDL:11/12/2012 - 14:48:54 ---A- . (.NoMachine Sarl - NoMachine Display Adapter.) -- C:\Windows\System32\Drivers\nxdm.sys [29696]
- O58 - SDL:12/11/2013 - 17:53:16 ---A- . (.NoMachine - NoMachine USB Adapter.) -- C:\Windows\System32\Drivers\nxusbh.sys [68096]
- O58 - SDL:04/11/2013 - 17:52:18 ---A- . (.NoMachine - NoMachine USB Host Adapter.) -- C:\Windows\System32\Drivers\nxusbs.sys [10240]
- O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
- O58 - SDL:24/03/2014 - 21:12:06 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
- O58 - SDL:02/08/2011 - 16:38:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
- ~ Drivers: 87 Legitimates Filtered in 00mn 05s
- ---\\ Liste des outils de désinfection (LATC) (O63)
- O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
- O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
- O63 - Logiciel: RSIT - (.random/random.)
- ~ ADS: Scanned in 00mn 00s
- ---\\ Associations Shell Spawning (O67)
- O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (.Not Key.)
- O67 - Shell Spawning: <.html> <ChromeHTML.7WU7FQKJC7JPEIGREOGTKOSTIU>[HKCU\..\open\Command] (.Not Key.)
- ~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
- ---\\ Menu de démarrage Internet (SMI) (O68)
- O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
- O68 - StartMenuInternet: <Google Chrome.7WU7FQKJC7JPEIGREOGTKOSTIU> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
- O68 - StartMenuInternet: <Google Chrome.LTAPCNZFOQBNSNGO56BBVT5FPA> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
- O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
- O68 - StartMenuInternet: <Rocket.LTAPCNZFOQBNSNGO56BBVT5FPA> <Rocket>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Admin\AppData\Local\Rocket\Application\rocket.exe (.not file.) =>PUP.RockTurner
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
- O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
- O69 - SBI: SearchScopes [HKCU] {1F41A625-69C1-4851-B149-AF6A2AD28666} - (Search.us) - http://search.us.com =>PUP.StartSearch
- O69 - SBI: SearchScopes [HKCU] {85AA8878-F03A-414D-B8FF-1F6C997B68BC} - (Yahoo!) - http://search.yahoo.com
- O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
- O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
- ~ Keys: Scanned in 00mn 00s
- ---\\ Recherche particulière à la racine du système (SPRF) (O84)
- [MD5.DD89B12A21223EE65709C540BEEB4D36] [SPRF][21/10/2014] (...) -- C:\Users\Vincent\AppData\Roaming\AdobeWLCMCache.dat [34]
- [MD5.8EEFB353F71DCFE3931BCA6D990C59C6] [SPRF][13/11/2013] (...) -- C:\Users\Vincent\AppData\Roaming\die.bat [91]
- [MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\AppData\Roaming\inst.exe [99384]
- [MD5.1D5485D6020EF9324C4811AE476B784B] [SPRF][18/04/2013] (.www.thebotnet.com - AdFly bot v5.) -- C:\Users\Vincent\Desktop\AdFly bot v5.exe [137728]
- [MD5.B22F34E2737E66BF3DD60D6C716CF28F] [SPRF][19/10/2013] (...) -- C:\Users\Vincent\Desktop\AMIDST-3.4.exe [975932]
- [MD5.1F74BBE2157962E839CE3A733A82B785] [SPRF][18/01/2014] (.Draziak & SnipeZz_Qc © - Arma 3 Pingas Launcher.) -- C:\Users\Vincent\Desktop\Arma 3 Pingas Launcher (2).exe [622592]
- [MD5.3E1DE04B63D85542BB2DAE6E78B7AF9D] [SPRF][24/09/2014] (.Pas de propriétaire - CashEurosBOT.) -- C:\Users\Vincent\Desktop\CashEurosBOT Release 2.1.exe [419328]
- [MD5.5ED81C10CA2A456664F68CB9C0FEBA5A] [SPRF][05/08/2013] (...) -- C:\Users\Vincent\Desktop\CrackMe.exe [30906]
- [MD5.6F225190DB6905A15298282EC381FC7F] [SPRF][18/07/2011] (...) -- C:\Users\Vincent\Desktop\CrackMe1.exe [13824]
- [MD5.83B3F4E16D64248568F79BAC67ED1A17] [SPRF][10/12/2012] (.Pas de propriétaire - Flooder V3.) -- C:\Users\Vincent\Desktop\Flooder v5.exe [671232]
- [MD5.B95BF6E70584D7B79D7089CD24F3128D] [SPRF][08/01/2011] (...) -- C:\Users\Vincent\Desktop\iView Fur U v3!.exe [491363]
- [MD5.254160D9B9287BFF589B6246F99D8EEC] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\IyQoe.bat [522]
- [MD5.47BA654BB0059C8CD94BEBDB5B45EDC4] [SPRF][17/10/2012] (...) -- C:\Users\Vincent\Desktop\jd-gui.exe [809472]
- [MD5.4720235220ACAE235B2881F190AB0C21] [SPRF][25/10/2014] (.Pas de propriétaire - Setup.) -- C:\Users\Vincent\Desktop\Launcher-Involved.exe [497576]
- [MD5.E899F1C5B292A0ECF6E8E19B302B622C] [SPRF][08/10/2014] (.Pas de propriétaire - FTB_Launcher.) -- C:\Users\Vincent\Desktop\launcher^FTB_Launcher.exe [4980105]
- [MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\Desktop\Minecraft.exe [675988]
- [MD5.FC3B3C1EB479EEED42B538977299FD08] [SPRF][12/09/2014] (.Pas de propriétaire - MoneyGenerator.) -- C:\Users\Vincent\Desktop\MoneyGenerator.exe [544768]
- [MD5.AF5B90F9A9BC151D50F58CCBFC632EB5] [SPRF][25/04/2010] (.Pas de propriétaire - NamedBinaryTag.) -- C:\Users\Vincent\Desktop\NamedBinaryTag.dll [28672]
- [MD5.90D9972CF48C3542D4B59F32E2AD6185] [SPRF][09/06/2010] (.Pas de propriétaire - NBTedit.) -- C:\Users\Vincent\Desktop\NBTedit.exe [118784]
- [MD5.A0FD647AE0DE91F4F16B20934C5B9674] [SPRF][07/06/2007] (.Home - PboView.) -- C:\Users\Vincent\Desktop\PboView.exe [69632]
- [MD5.0409809D67CC2D02F1F11A61187B9DE0] [SPRF][11/10/2014] (.Pas de propriétaire - Technic Launcher.) -- C:\Users\Vincent\Desktop\TechnicLauncher.exe [2346942]
- [MD5.8011DBB766E03FD2A13F5A6A1B736BC8] [SPRF][29/07/2014] (...) -- C:\Users\Vincent\Desktop\test.reg [169]
- [MD5.6CEEC4E37D463A707198FB754B25316C] [SPRF][06/06/2007] (...) -- C:\Users\Vincent\Desktop\texture.dll [364544]
- [MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\v.bat [384]
- [MD5.38FA6A234B3B6D51C8C720CA9B006828] [SPRF][15/11/2013] (...) -- C:\Users\Vincent\Desktop\va32.exe [11324104]
- ~ Files: 29 Legitimates Filtered in 00mn 00s
- ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
- O87 - FAEL: "{0A7CE180-5BA7-4FC1-95EB-324E14BA4322}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{7C0B293A-527F-456B-985C-EB258F3A9C64}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{C0EB0505-4EB5-4804-9EFF-E185BB78AF6E}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{E11B6DF1-1F86-4BAE-8744-555D84328DA9}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{D211E74A-16E0-46CD-8CA7-BCFBD7FED64E}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "TCP Query User{0BD7D9BB-BDF4-4F03-88EB-BFB3C7A34B81}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
- O87 - FAEL: "UDP Query User{DEF2C2E4-3FB0-489B-B52C-30E1818B34D5}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
- O87 - FAEL: "{33164E19-72BF-4012-B08F-3A20626CADCC}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{7545EEF7-FA97-409D-B82B-9E00303E909D}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{9F39E5E5-2E8D-4022-9931-3E5CCF60F52C}" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{0954241F-8997-4485-8423-40F13C547881}" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{6B9E25C6-A541-40BC-979B-BC98EA564AB4}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{6778F31D-EBEF-4225-BE86-293E6C638BC1}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{2C080C22-5941-49F2-8762-584A7013C946}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{90F8E67E-F2C8-4440-B344-E2DF8A625655}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{189A6A81-05FA-43EF-8439-5F314800FEE2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- O87 - FAEL: "{19FA8A71-33E5-4B5C-92B1-E546D35938A6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
- ~ Firewall: 17 Legitimates Filtered in 00mn 03s
- ---\\ Recherche de clés de registre Tracing (O100)
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASAPI32 =>P2P.BitComet
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASMANCS =>P2P.BitComet
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASAPI32 =>P2P.BitTorrent
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASMANCS =>P2P.BitTorrent
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASAPI32 =>PUP.FastPlayer
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASMANCS =>PUP.FastPlayer
- ~ BTK: 468 Legitimates Filtered in 00mn 00s
- ---\\ Recherche de clés de registre CLSID (O101)
- [HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip
- ~ BCK: 5470 Legitimates Filtered in 00mn 04s
- ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
- SS - | Disabled 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
- SS - | Disabled 29/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- SS - | Disabled 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- SS - | Disabled 22/03/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
- SS - | Disabled 12/07/2010 53248 | (D_Link_DWA-140_WPS) . (...) - C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
- SS - | Disabled 19/12/2013 1677080 | (GS In-Game Service) . (.ClanServers Hosting LLC.) - C:\Program Files (x86)\GameTracker\GSInGameService.exe
- SS - | Disabled 07/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Disabled 07/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- SS - | Disabled 04/09/2014 2525008 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
- SS - | Disabled 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
- SS - | Disabled 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
- SS - | Disabled 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
- SS - | Disabled 08/08/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
- SS - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
- SS - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
- SS - | Disabled 29/09/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
- SS - | Disabled 26/04/2014 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
- SS - | Auto 18/06/2014 328832 | (nlsvc) . (.Locktime Software.) - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
- SS - | Disabled 09/08/2014 1721800 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- SS - | Disabled 16/10/2014 933064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
- SS - | Disabled 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
- SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
- SS - | Disabled 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
- SS - | Disabled 25/04/2014 1738200 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
- SS - | Disabled 25/04/2014 2081752 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
- SS - | Disabled 25/04/2014 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
- SS - | Demand 21/10/2014 833728 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
- SS - | Disabled 16/10/2014 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- SS - | Disabled 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
- SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
- SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
- SR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
- ~ Services: Scanned in 00mn 10s
- ---\\ Scan Additionnel (O88)
- Database Version : 13026 - (03/11/2014)
- Clés trouvées (Keys found) : 7
- Valeurs trouvées (Values found) : 13
- Dossiers trouvés (Folders found) : 1
- Fichiers trouvés (Files found) : 2
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gold Barre] =>Toolbar.GoldBarre^
- [HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
- [HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
- [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
- [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
- C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet^
- [HKCU\Software\BitComet] =>P2P.BitComet^
- [HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip^
- ~ Additionnel Scan: 440265 Items scanned in 01mn 14s
- ---\\ Informations complémentaires sur les modules
- ~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
- ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
- ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
- ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
- ~ AMI: 5 Legitimates Filtered in 00mn 00s
- ---\\ Récapitulatif des détections trouvées sur votre station
- http://nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
- http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
- http://www.nicolascoolman.fr/blog/ =>Toolbar.GoldBarre
- http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
- http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
- http://www.nicolascoolman.fr/blog/ =>PUP.FastPlayer
- http://nicolascoolman.fr/adware-shoppingchip =>Adware.ShoppingChip
- http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
- http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
- ~ MSI: 9 link(s) detected in 00mn 00s
- ~ 1752 Legitimates filtered by white list
- End of the scan (602 lines in 04mn 47s)(0)