Untitled
a guest
Nov 3rd, 2014

  1. ~ Rapport de ZHPDiag v2014.11.3.157 - Nicolas Coolman (03/11/2014)
  2. ~ Lancé par Vincent (03/11/2014 19:59:17)
  3. ~ Adresse du Site Web http://nicolascoolman.fr
  4. ~ Adresse du Forum http://forum.nicolascoolman.fr
  5. ~ Traduit par Nicolas Coolman
  6. ~ Etat de la version : Version à jour.
  7. ~ Liste blanche : Activée par le programme
  8. ~ Elévation des Privilèges : OK
  9. ~ User Account Control (UAC): Activate by user
  10.  
  11.  
  12. ---\\ Navigateurs Internet
  13. MSIE: Internet Explorer v11.0.9600.17358
  14. MFIE: Mozilla Firefox 32.0.3
  15.  
  16. ---\\ Informations sur les produits Windows
  17. ~ Langage: Français
  18. Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
  19. Windows Server License Manager Script : OK
  20. Software Protection Service (Protection logicielle) : KO
  21. Windows Automatic Updates : OK
  22. Windows Activation Technologies : OK
  23.  
  24. ---\\ Logiciels de protection du système
  25. Malwarebytes Anti-Malware version 2.0.3.1025
  26. Microsoft Security Client v4.6.0305.0
  27. Spybot - Search & Destroy v2.3.39
  28. Windows Defender W7 (Deactivate)
  29.  
  30. ---\\ Logiciels d'optimisation du système
  31. CCleaner v4.04
  32.  
  33. ---\\ Logiciels de partage PeerToPeer
  34. Pando Media Booster v2.6.0.7
  35. qBittorrent 3.1.10 v3.1.10 =>P2P.BitTorrent
  36.  
  37. ---\\ Surveillance de Logiciels
  38. Adobe Flash Player 15 Plugin
  39. Adobe Reader X
  40. Java 7 Update 67 (64-bit)
  41.  
  42. ---\\ Informations sur le système
  43. ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
  44. ~ Operating System: 64 Bits
  45. Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
  46. Total RAM: 12258 MB (85% free)
  47. System Restore: Activé (Enable)
  48. System drive C: has 209 GB (44%) free of 466 GB
  49.  
  50. ---\\ Mode de connexion au système
  51. ~ Computer Name: THEO-PC
  52. ~ User Name: Vincent
  53. ~ All Users Names: Vincent, HomeGroupUser$, Guest, Administrator, Admin,
  54. ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
  55. Logged in as Administrator
  56.  
  57. ---\\ Variables d'environnement
  58. ~ System Unit : C:\
  59. ~ %AppZHP% : C:\Users\Vincent\AppData\Roaming\ZHP\
  60. ~ %AppData% : C:\Users\Vincent\AppData\Roaming\
  61. ~ %Desktop% : C:\Users\Vincent\Desktop\
  62. ~ %Favorites% : C:\Users\Vincent\Favorites\
  63. ~ %LocalAppData% : C:\Users\Vincent\AppData\Local\
  64. ~ %StartMenu% : C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\
  65. ~ %Windir% : C:\Windows\
  66. ~ %System% : C:\Windows\System32\
  67.  
  68. ---\\ Enumération des unités disques
  69. C: Hard drive, Flash drive, Thumb drive (Free 209 Go of 466 Go)
  70. D: CD-ROM drive (Not Inserted)
  71. E: CD-ROM drive (Not Inserted)
  72.  
  73.  
  74.  
  75. ---\\ Etat du Centre de Sécurité Windows
  76. [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
  77. [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
  78. [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
  79. ~ Security Center: 47 Legitimates Filtered in 00mn 00s
  80.  
  81.  
  82.  
  83. ---\\ Recherche particulière de fichiers génériques
  84. [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
  85. [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
  86. [MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/09/2014 - 01:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
  87. [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
  88. [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
  89. [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
  90. [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
  91. [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
  92. [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
  93. [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
  94. [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
  95. [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
  96. [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
  97. [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
  98. [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
  99. [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
  100. [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
  101. [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
  102. [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
  103. [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
  104. [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
  105. [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
  106. ~ Generic Processes: Scanned in 00mn 00s
  107.  
  108.  
  109.  
  110. ---\\ Etat des fichiers cachés (Caché/Total)
  111. ~ Mes images (My Pictures) : 2/2197
  112. ~ Mes Videos (My Videos) : 2/19
  113. ~ Mes Favoris (My Favorites) : 1/25
  114. ~ Mes Documents (My Documents) : 2/6300
  115. ~ Mon Bureau (My Desktop) : 3/35903
  116. ~ Menu demarrer (Programs) : 1/78
  117. ~ Hidden Files: Scanned in 01mn 07s
  118.  
  119.  
  120.  
  121. ---\\ Processus lancés
  122. [MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1988]
  123. [MD5.9ED34A82F8FBF6001F127420834DD793] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118784] [PID.1840]
  124. ~ Processes Running: Scanned in 00mn 00s
  125.  
  126.  
  127.  
  128. ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
  129. C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Preferences
  130. G0 - GCSP: Preference [User Data\Default][StartupURLs] http://rocket-find.com/?f=7&a=rckt_tele_14_26_ie&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtCyCtB0EtDtByEtCyByEtN0D0Tzu0SzytCtDtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0ByEyCtCtAzz0FtGyDyD0FtCtG0CyD0DzytGyBtDyDyEtGtA0CyBzy0DzztCyC0E0DtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzzzz0EyCtDtAyEtG0AyEtC0EtGyDzztC0EtG0BtA0BzztGtC0E0EzztDyC0E0B0AtB0E0A2Q&cr=1015898465&ir= =>PUP.RockTurner
  131. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
  132. G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
  133. G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
  134. G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
  135. G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
  136.  
  137. ---\\ Liste des dossiers d'extension Google Chrome
  138. ~ Google Lines Browser: 24 Legitimates Filtered in 00mn 00s
  139.  
  140.  
  141.  
  142. ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
  143. P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
  144. ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
  145.  
  146.  
  147.  
  148. ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
  149. R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
  150. ~ IE Browser: 23 Legitimates Filtered in 00mn 00s
  151.  
  152.  
  153.  
  154. ---\\ Internet Explorer, Proxy Management (R5)
  155. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  156. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
  157. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
  158. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
  159. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
  160. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
  161. ~ Proxy management: Scanned in 00mn 00s
  162.  
  163.  
  164.  
  165. ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
  166. F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
  167. F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
  168. F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
  169. ~ Keys: Scanned in 00mn 00s
  170.  
  171.  
  172.  
  173. ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
  174. F3 - REG:win.ini: load=C:\Users\Vincent\AppData\Local\temp\WorkspaceRuntime\wksprt.exe
  175. ~ Keys: Scanned in 00mn 00s
  176.  
  177.  
  178.  
  179. ---\\ Hosts file redirection (O1)
  180. ~ Le fichier hôte est sain (The hosts file is clean) (15518)
  181. ~ Hosts File: Scanned in 00mn 05s
  182.  
  183.  
  184.  
  185. ---\\ Autres liens utilisateurs (O4)
  186. O4 - GS\QuickLaunch [Vincent]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
  187. O4 - GS\QuickLaunch [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  188. O4 - GS\Desktop [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  189. O4 - GS\QuickLaunch [Admin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  190. O4 - GS\QuickLaunch [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  191. O4 - GS\TaskBar [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  192. O4 - GS\Program [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  193. O4 - GS\SystemTools [Admin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  194. O4 - GS\Desktop [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
  195. O4 - GS\Desktop [Admin]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
  196. O4 - GS\Desktop [Admin]: Torntv Downloader.lnk . (...) -- C:\Users\Admin\AppData\Roaming\TornTV.com\TornTV.exe (.not file.) =>Hijacker.TornTV
  197. O4 - GS\Desktop [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  198. ~ Global Startup: 13 Legitimates Filtered in 00mn 06s
  199.  
  200.  
  201.  
  202. ---\\ Applications lancées au démarrage du système (O4)
  203. O4 - GS\Startup [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
  204. O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  205. O4 - HKCU\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
  206. O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
  207. O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
  208. O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
  209. O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
  210. O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  211. O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
  212. ~ Application: Scanned in 00mn 00s
  213.  
  214.  
  215.  
  216. ---\\ Modification Domaine/Adresses DNS (O17)
  217. O17 - HKLM\System\CCS\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  218. O17 - HKLM\System\CCS\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  219. O17 - HKLM\System\CS1\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  220. O17 - HKLM\System\CS1\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  221. O17 - HKLM\System\CS2\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  222. O17 - HKLM\System\CS2\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  223. ~ Domain: Scanned in 00mn 00s
  224.  
  225.  
  226.  
  227. ---\\ Protocole additionnel (O18)
  228. O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
  229. O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
  230. ~ Protocole Additionnel: Scanned in 00mn 00s
  231.  
  232.  
  233.  
  234. ---\\ Enumère les données de BootExecute (BEX) (O34)
  235. O34 - HKLM BootExecute: (¤¥lw) - File not found
  236. ~ BEX: 2 Legitimates Filtered in 00mn 00s
  237.  
  238.  
  239.  
  240. ---\\ Tâches planifiées en automatique (O39)
  241. O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
  242. O39 - APT: - (..) -- C:\Windows\Tasks\DriverToolkit Autorun.job [362]
  243. O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [362]
  244. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 3 [340]
  245. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
  246. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
  247. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
  248. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000Core [1034]
  249. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000UA [1086]
  250. ~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s
  251.  
  252.  
  253.  
  254. ---\\ Logiciels installés (O42)
  255. O42 - Logiciel: AdfBotPro 3.3.1 Final - (.Wss Ltd.) [HKLM][64Bits] -- {E24F9D84-DF31-44A0-BC30-A97C42C99282}
  256. O42 - Logiciel: Algodoo v2.1.0 - (.Algoryx.) [HKLM][64Bits] -- Algodoo_is1
  257. O42 - Logiciel: Cash4You version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {BFF06DE4-6892-47D1-A942-331611658D47}_is1
  258. O42 - Logiciel: Cash4You version Beta 1.2 - (.Havanna, Inc..) [HKLM][64Bits] -- {6D4E0E05-6A35-42FF-BFE8-833EB35FAFF5}_is1
  259. O42 - Logiciel: Cash4you version Beta 1.0 - (.Havanna, Inc..) [HKLM][64Bits] -- {16A1957A-D873-44EB-AF8D-26E9417A11DA}_is1
  260. O42 - Logiciel: Cash4you version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {F555A312-2778-47A9-893A-D3067CDFF7A4}_is1
  261. O42 - Logiciel: Devis Facture Express LIGHT - (.SARL P2F.) [HKLM][64Bits] -- Devis Facture Express LIGHT_is1
  262. O42 - Logiciel: Gold Barre - (...) [HKLM][64Bits] -- Gold Barre =>Toolbar.GoldBarre
  263. O42 - Logiciel: PBO Manager v.1.4 beta - (. .) [HKLM][64Bits] -- {127B5371-1802-4EDD-A25A-A43BF761D383}
  264. O42 - Logiciel: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
  265. O42 - Logiciel: Setup Generator Pro - (...) [HKLM][64Bits] -- Setup Generator Pro
  266. O42 - Logiciel: Smart Port Forwarding - (.Brooks Younce Software.) [HKLM][64Bits] -- Smart Port Forwarding
  267. O42 - Logiciel: Space Engineers - (...) [HKLM][64Bits] -- Steam App 244850
  268. O42 - Logiciel: Techne - (.ZeuX and r4wk.) [HKCU][64Bits] -- 244a1e8693fd9c7e
  269. O42 - Logiciel: TexView 2 Uninstall - (...) [HKLM][64Bits] -- TexView 2
  270. O42 - Logiciel: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
  271. O42 - Logiciel: Visitor 3 Uninstall - (...) [HKLM][64Bits] -- Visitor 3
  272. O42 - Logiciel: VoiceAttack - (.VoiceAttack.com.) [HKLM][64Bits] -- {6D027600-7BF6-4074-B64B-ABA638D3A976}
  273. ~ Logic: 27 Legitimates Filtered in 00mn 00s
  274.  
  275.  
  276.  
  277. ---\\ HKCU & HKLM Software Keys
  278. [HKCU\Software\BitComet] =>P2P.BitComet
  279. [HKCU\Software\Code Industry]
  280. [HKCU\Software\DefaultCompany]
  281. [HKCU\Software\Freejam]
  282. [HKCU\Software\GetPrivate]
  283. [HKCU\Software\Mouse]
  284. [HKCU\Software\Obviously Nice]
  285. [HKCU\Software\Pando Networks]
  286. [HKCU\Software\Siding]
  287. [HKCU\Software\Smartly Dressed Games]
  288. [HKCU\Software\TR12]
  289. [HKCU\Software\VoiceAttack.com]
  290. [HKCU\Software\iLLectronic]
  291. [HKCU\Software\yarpen.cz]
  292. [HKLM\Software\PBOManager]
  293. [HKLM\Software\Wow6432Node\IncrediMail]
  294. [HKLM\Software\Wow6432Node\Pando Networks]
  295. [HKLM\Software\Wow6432Node\id]
  296. [HKLM\Software\Wow6432Node\x2goclient]
  297. ~ Key Software: 639 Legitimates Filtered in 00mn 00s
  298.  
  299.  
  300.  
  301. ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
  302. O43 - CFD: 28/06/2014 - 20:44:00 - [] ----D C:\Program Files (x86)\Algodoo
  303. O43 - CFD: 31/08/2014 - 00:29:38 - [] ----D C:\Program Files (x86)\BF2Hub Client
  304. O43 - CFD: 14/09/2014 - 13:32:08 - [] ----D C:\Program Files (x86)\Cash4You
  305. O43 - CFD: 20/10/2014 - 04:02:33 - [] ----D C:\Program Files (x86)\DFELIGHT
  306. O43 - CFD: 08/08/2013 - 11:38:06 - [] ----D C:\Program Files (x86)\LS_Duhem
  307. O43 - CFD: 28/10/2011 - 21:44:47 - [] ----D C:\Program Files (x86)\Pando Networks
  308. O43 - CFD: 12/09/2014 - 19:45:35 - [] ----D C:\Program Files (x86)\Setup Generator Pro
  309. O43 - CFD: 26/12/2013 - 17:43:56 - [] ----D C:\Program Files (x86)\Smart Port Forwarding
  310. O43 - CFD: 05/04/2014 - 13:47:07 - [] ----D C:\Program Files (x86)\Teleport Pro
  311. O43 - CFD: 01/11/2014 - 22:18:23 - [] ----D C:\Program Files (x86)\VoiceAttack
  312. O43 - CFD: 08/01/2013 - 23:07:22 - [] ----D C:\Program Files (x86)\Wamp backup
  313. O43 - CFD: 10/09/2014 - 15:50:39 - [0] ----D C:\Program Files (x86)\Wss Ltd
  314. O43 - CFD: 29/08/2013 - 18:31:43 - [] ----D C:\Program Files (x86)\Common Files\VST2
  315. O43 - CFD: 16/06/2014 - 17:31:55 - [] ----D C:\ProgramData\662ad8c6a9989723
  316. O43 - CFD: 21/12/2013 - 15:56:00 - [] ----D C:\ProgramData\Generator
  317. O43 - CFD: 31/10/2014 - 05:04:43 - [0] ----D C:\ProgramData\LumaEmu_SteamCloud
  318. O43 - CFD: 15/11/2013 - 22:49:16 - [0] ----D C:\ProgramData\SpeedBit
  319. O43 - CFD: 20/09/2013 - 23:16:33 - [] ----D C:\Users\Vincent\AppData\Roaming\.aether
  320. O43 - CFD: 16/05/2014 - 23:07:47 - [] ----D C:\Users\Vincent\AppData\Roaming\.DeepCraft
  321. O43 - CFD: 02/09/2014 - 17:38:07 - [] ----D C:\Users\Vincent\AppData\Roaming\.StarMade
  322. O43 - CFD: 02/11/2013 - 01:21:50 - [] ----D C:\Users\Vincent\AppData\Roaming\.technic
  323. O43 - CFD: 09/03/2013 - 14:53:24 - [] ----D C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet
  324. O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_Datas
  325. O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_User
  326. O43 - CFD: 12/07/2014 - 18:39:56 - [] ----D C:\Users\Vincent\AppData\Roaming\OBS - Copie
  327. O43 - CFD: 15/05/2014 - 19:30:23 - [] ----D C:\Users\Vincent\AppData\Roaming\Spiritsoft
  328. O43 - CFD: 01/11/2014 - 15:28:42 - [] ----D C:\Users\Vincent\AppData\Roaming\VoiceAttack
  329. O43 - CFD: 22/06/2013 - 12:33:43 - [] ----D C:\Users\Vincent\AppData\Local\28050
  330. O43 - CFD: 05/10/2013 - 12:55:54 - [] ----D C:\Users\Vincent\AppData\Local\ACCCx2_1_2_232
  331. O43 - CFD: 06/05/2014 - 23:05:30 - [] ----D C:\Users\Vincent\AppData\Local\Arma2NET
  332. O43 - CFD: 05/05/2014 - 23:23:16 - [] ----D C:\Users\Vincent\AppData\Local\PboM
  333. O43 - CFD: 22/10/2014 - 12:00:36 - [0] ----D C:\Users\Vincent\AppData\Local\Techne
  334. O43 - CFD: 01/11/2014 - 15:23:15 - [] ----D C:\Users\Vincent\AppData\Local\VoiceAttack.com
  335. O43 - CFD: 03/06/2014 - 20:47:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
  336. O43 - CFD: 09/12/2013 - 18:44:52 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MMSSTV
  337. O43 - CFD: 05/05/2014 - 23:16:12 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
  338. O43 - CFD: 05/04/2014 - 13:47:05 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teleport Pro
  339. O43 - CFD: 02/10/2013 - 15:16:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZeuX and r4wk
  340. ~ 378 Dossier CLSID vide (CLSID Empty Folder)
  341. ~ Program Folder: 839 Legitimates Filtered in 00mn 20s
  342.  
  343.  
  344.  
  345. ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
  346. O44 - LFC:[MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] - 02/11/2014 - 02:32:09 --H-- . (...) -- C:\Windows\System32\v.bat [384]
  347. O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21008]
  348. O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21008]
  349. O44 - LFC:[MD5.908B184763F5C3220B1EE683DD804924] - 03/11/2014 - 19:16:17 ---A- . (...) -- C:\Windows\ntbtlog.txt [602442]
  350. O44 - LFC:[MD5.417EFDD49625ADC5772F8B3577F9C194] - 03/11/2014 - 19:46:07 ----- . (...) -- C:\bootsqm.dat [3360]
  351. ~ Files: 39 Legitimates Filtered in 01mn 06s
  352.  
  353.  
  354.  
  355. ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
  356. O51 - MPSK:{9ab8a211-7544-11e3-9d00-8c89a5162e02}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
  357. O51 - MPSK:{9ddf21d5-f794-11e0-8593-8c89a5162e02}\AutoRun\command. (...) -- F:\Installer.exe (.not file.)
  358. ~ Keys: Scanned in 00mn 00s
  359.  
  360.  
  361.  
  362. ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
  363. O52 - TDSD: \Drivers32\"VIDC.TMB2"="tmb2-v64.dll" . (...) -- C:\Windows\System32\tmb2-v64.dll
  364. O52 - TDSD: \drivers.desc\"tmb2-v64.dll"="PlayClaw 5 video decoder 64" . (...) -- C:\Windows\System32\tmb2-v64.dll
  365. ~ TDSD: 6 Legitimates Filtered in 00mn 00s
  366.  
  367.  
  368.  
  369. ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
  370. O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (...) -- C:\Program Files (x86)\Overwolf\Overwolf.exe (.not file.)
  371. O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
  372. O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
  373. ~ SMSR Keys: 30 Legitimates Filtered in 00mn 00s
  374.  
  375.  
  376.  
  377. ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
  378. O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
  379. O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
  380. ~ MWPS: 16 Legitimates Filtered in 00mn 00s
  381.  
  382.  
  383.  
  384. ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
  385. O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
  386. ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s
  387.  
  388.  
  389.  
  390. ---\\ Liste des pilotes du système (SDL) (O58)
  391. O58 - SDL:21/02/2011 - 10:09:14 ---A- . (.Pas de propriétaire - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872]
  392. O58 - SDL:19/10/2011 - 14:14:29 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
  393. O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
  394. O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
  395. O58 - SDL:09/06/2014 - 09:41:00 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [180136]
  396. O58 - SDL:16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
  397. O58 - SDL:19/10/2011 - 14:14:28 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
  398. O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
  399. O58 - SDL:29/08/2013 - 16:49:06 ---A- . (.NoMachine - NoMachine Audio Adapter.) -- C:\Windows\System32\Drivers\nxaudio.sys [17920]
  400. O58 - SDL:11/12/2012 - 14:48:54 ---A- . (.NoMachine Sarl - NoMachine Display Adapter.) -- C:\Windows\System32\Drivers\nxdm.sys [29696]
  401. O58 - SDL:12/11/2013 - 17:53:16 ---A- . (.NoMachine - NoMachine USB Adapter.) -- C:\Windows\System32\Drivers\nxusbh.sys [68096]
  402. O58 - SDL:04/11/2013 - 17:52:18 ---A- . (.NoMachine - NoMachine USB Host Adapter.) -- C:\Windows\System32\Drivers\nxusbs.sys [10240]
  403. O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
  404. O58 - SDL:24/03/2014 - 21:12:06 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
  405. O58 - SDL:02/08/2011 - 16:38:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
  406. ~ Drivers: 87 Legitimates Filtered in 00mn 05s
  407.  
  408.  
  409.  
  410. ---\\ Liste des outils de désinfection (LATC) (O63)
  411. O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
  412. O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
  413. O63 - Logiciel: RSIT - (.random/random.)
  414. ~ ADS: Scanned in 00mn 00s
  415.  
  416.  
  417.  
  418. ---\\ Associations Shell Spawning (O67)
  419. O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (.Not Key.)
  420. O67 - Shell Spawning: <.html> <ChromeHTML.7WU7FQKJC7JPEIGREOGTKOSTIU>[HKCU\..\open\Command] (.Not Key.)
  421. ~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
  422.  
  423.  
  424.  
  425. ---\\ Menu de démarrage Internet (SMI) (O68)
  426. O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  427. O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
  428. O68 - StartMenuInternet: <Google Chrome.7WU7FQKJC7JPEIGREOGTKOSTIU> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
  429. O68 - StartMenuInternet: <Google Chrome.LTAPCNZFOQBNSNGO56BBVT5FPA> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
  430. O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  431. O68 - StartMenuInternet: <Rocket.LTAPCNZFOQBNSNGO56BBVT5FPA> <Rocket>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Admin\AppData\Local\Rocket\Application\rocket.exe (.not file.) =>PUP.RockTurner
  432. ~ Keys: Scanned in 00mn 00s
  433.  
  434.  
  435.  
---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1F41A625-69C1-4851-B149-AF6A2AD28666} - (Search.us) - http://search.us.com =>PUP.StartSearch
O69 - SBI: SearchScopes [HKCU] {85AA8878-F03A-414D-B8FF-1F6C997B68BC} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Specific search at the system root (SPRF) (O84)
[MD5.DD89B12A21223EE65709C540BEEB4D36] [SPRF][21/10/2014] (...) -- C:\Users\Vincent\AppData\Roaming\AdobeWLCMCache.dat [34]
[MD5.8EEFB353F71DCFE3931BCA6D990C59C6] [SPRF][13/11/2013] (...) -- C:\Users\Vincent\AppData\Roaming\die.bat [91]
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\AppData\Roaming\inst.exe [99384]
[MD5.1D5485D6020EF9324C4811AE476B784B] [SPRF][18/04/2013] (.www.thebotnet.com - AdFly bot v5.) -- C:\Users\Vincent\Desktop\AdFly bot v5.exe [137728]
[MD5.B22F34E2737E66BF3DD60D6C716CF28F] [SPRF][19/10/2013] (...) -- C:\Users\Vincent\Desktop\AMIDST-3.4.exe [975932]
[MD5.1F74BBE2157962E839CE3A733A82B785] [SPRF][18/01/2014] (.Draziak & SnipeZz_Qc © - Arma 3 Pingas Launcher.) -- C:\Users\Vincent\Desktop\Arma 3 Pingas Launcher (2).exe [622592]
[MD5.3E1DE04B63D85542BB2DAE6E78B7AF9D] [SPRF][24/09/2014] (.No owner - CashEurosBOT.) -- C:\Users\Vincent\Desktop\CashEurosBOT Release 2.1.exe [419328]
[MD5.5ED81C10CA2A456664F68CB9C0FEBA5A] [SPRF][05/08/2013] (...) -- C:\Users\Vincent\Desktop\CrackMe.exe [30906]
[MD5.6F225190DB6905A15298282EC381FC7F] [SPRF][18/07/2011] (...) -- C:\Users\Vincent\Desktop\CrackMe1.exe [13824]
[MD5.83B3F4E16D64248568F79BAC67ED1A17] [SPRF][10/12/2012] (.No owner - Flooder V3.) -- C:\Users\Vincent\Desktop\Flooder v5.exe [671232]
[MD5.B95BF6E70584D7B79D7089CD24F3128D] [SPRF][08/01/2011] (...) -- C:\Users\Vincent\Desktop\iView Fur U v3!.exe [491363]
[MD5.254160D9B9287BFF589B6246F99D8EEC] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\IyQoe.bat [522]
[MD5.47BA654BB0059C8CD94BEBDB5B45EDC4] [SPRF][17/10/2012] (...) -- C:\Users\Vincent\Desktop\jd-gui.exe [809472]
[MD5.4720235220ACAE235B2881F190AB0C21] [SPRF][25/10/2014] (.No owner - Setup.) -- C:\Users\Vincent\Desktop\Launcher-Involved.exe [497576]
[MD5.E899F1C5B292A0ECF6E8E19B302B622C] [SPRF][08/10/2014] (.No owner - FTB_Launcher.) -- C:\Users\Vincent\Desktop\launcher^FTB_Launcher.exe [4980105]
[MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\Desktop\Minecraft.exe [675988]
[MD5.FC3B3C1EB479EEED42B538977299FD08] [SPRF][12/09/2014] (.No owner - MoneyGenerator.) -- C:\Users\Vincent\Desktop\MoneyGenerator.exe [544768]
[MD5.AF5B90F9A9BC151D50F58CCBFC632EB5] [SPRF][25/04/2010] (.No owner - NamedBinaryTag.) -- C:\Users\Vincent\Desktop\NamedBinaryTag.dll [28672]
[MD5.90D9972CF48C3542D4B59F32E2AD6185] [SPRF][09/06/2010] (.No owner - NBTedit.) -- C:\Users\Vincent\Desktop\NBTedit.exe [118784]
[MD5.A0FD647AE0DE91F4F16B20934C5B9674] [SPRF][07/06/2007] (.Home - PboView.) -- C:\Users\Vincent\Desktop\PboView.exe [69632]
[MD5.0409809D67CC2D02F1F11A61187B9DE0] [SPRF][11/10/2014] (.No owner - Technic Launcher.) -- C:\Users\Vincent\Desktop\TechnicLauncher.exe [2346942]
[MD5.8011DBB766E03FD2A13F5A6A1B736BC8] [SPRF][29/07/2014] (...) -- C:\Users\Vincent\Desktop\test.reg [169]
[MD5.6CEEC4E37D463A707198FB754B25316C] [SPRF][06/06/2007] (...) -- C:\Users\Vincent\Desktop\texture.dll [364544]
[MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\v.bat [384]
[MD5.38FA6A234B3B6D51C8C720CA9B006828] [SPRF][15/11/2013] (...) -- C:\Users\Vincent\Desktop\va32.exe [11324104]
~ Files: 29 Legitimates Filtered in 00mn 00s

---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{0A7CE180-5BA7-4FC1-95EB-324E14BA4322}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7C0B293A-527F-456B-985C-EB258F3A9C64}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{C0EB0505-4EB5-4804-9EFF-E185BB78AF6E}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{E11B6DF1-1F86-4BAE-8744-555D84328DA9}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{D211E74A-16E0-46CD-8CA7-BCFBD7FED64E}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{0BD7D9BB-BDF4-4F03-88EB-BFB3C7A34B81}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{DEF2C2E4-3FB0-489B-B52C-30E1818B34D5}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
O87 - FAEL: "{33164E19-72BF-4012-B08F-3A20626CADCC}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7545EEF7-FA97-409D-B82B-9E00303E909D}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9F39E5E5-2E8D-4022-9931-3E5CCF60F52C}" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{0954241F-8997-4485-8423-40F13C547881}" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6B9E25C6-A541-40BC-979B-BC98EA564AB4}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6778F31D-EBEF-4225-BE86-293E6C638BC1}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2C080C22-5941-49F2-8762-584A7013C946}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{90F8E67E-F2C8-4440-B344-E2DF8A625655}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{189A6A81-05FA-43EF-8439-5F314800FEE2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{19FA8A71-33E5-4B5C-92B1-E546D35938A6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 17 Legitimates Filtered in 00mn 03s

---\\ Tracing registry key search (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASAPI32 =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASMANCS =>P2P.BitComet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASAPI32 =>PUP.FastPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASMANCS =>PUP.FastPlayer
~ BTK: 468 Legitimates Filtered in 00mn 00s

---\\ CLSID registry key search (O101)
[HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip
~ BCK: 5470 Legitimates Filtered in 00mn 04s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 29/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Disabled 22/03/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
SS - | Disabled 12/07/2010 53248 | (D_Link_DWA-140_WPS) . (...) - C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
SS - | Disabled 19/12/2013 1677080 | (GS In-Game Service) . (.ClanServers Hosting LLC.) - C:\Program Files (x86)\GameTracker\GSInGameService.exe
SS - | Disabled 07/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 07/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 04/09/2014 2525008 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Disabled 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Disabled 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Disabled 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Disabled 08/08/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Disabled 29/09/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 26/04/2014 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
SS - | Auto 18/06/2014 328832 | (nlsvc) . (.Locktime Software.) - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
SS - | Disabled 09/08/2014 1721800 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Disabled 16/10/2014 933064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Disabled 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Disabled 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Disabled 25/04/2014 1738200 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Disabled 25/04/2014 2081752 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Disabled 25/04/2014 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SS - | Demand 21/10/2014 833728 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 16/10/2014 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Disabled 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
~ Services: Scanned in 00mn 10s

---\\ Additional Scan (O88)
Database Version : 13026 - (03/11/2014)
Keys found: 7
Values found: 13
Folders found: 1
Files found: 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gold Barre] =>Toolbar.GoldBarre^
[HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet^
[HKCU\Software\BitComet] =>P2P.BitComet^
[HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip^
~ Additional Scan: 440265 Items scanned in 01mn 14s

---\\ Additional information on the modules
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Startup, Search, Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Shell MountPoints2 registry key (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Summary of detections found on your machine
http://nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://www.nicolascoolman.fr/blog/ =>Toolbar.GoldBarre
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.FastPlayer
http://nicolascoolman.fr/adware-shoppingchip =>Adware.ShoppingChip
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
~ MSI: 9 link(s) detected in 00mn 00s

~ 1752 Legitimates filtered by white list
End of the scan (602 lines in 04mn 47s)(0)
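The sections above are raw ZHPDiag output, and the entries that matter for triage are spread over several line shapes: the trailing `=>Family.Name` classification tag, the O84/SPRF file entries (MD5, date, signer, path, size), the O87 firewall exceptions (direction, profile, IP protocol number, signer, path) and handlers marked `(.not file.)`. The Python below is an added example, my own code rather than ZHPDiag's, and the line formats it parses are inferred from this report, not taken from the tool's documentation. It summarises a report as tagged lines per family, files with no publisher in their version info or of script type inside the user profile, handlers whose target binary is missing, and enabled inbound allow rules with `P6`/`P17` decoded to TCP/UDP. The sample lines are copied from this report; the `TCP Query User{GUID}<path>` rule naming is what Windows uses for a rule created when a user clicks "Allow access" on the firewall prompt.

```python
"""Triage helper for ZHPDiag report lines (added example; not ZHPDiag's own code).

Line shapes below are inferred from the report, not from tool documentation:
  * trailing "=>Family.Name" (optionally "^") is the tool's classification;
    "=>.Vendor" marks a whitelisted, legitimate item;
  * O84/SPRF: [MD5.<hex>] [SPRF][dd/mm/yyyy] (.<signer>.) -- <path> [<size>]
  * O87/FAEL: "<rule>" | <Dir> - <Profile> - P<ip proto> - <Enabled> | .(.<signer>.) -- <path>
"""
import re
from collections import Counter

IP_PROTO = {6: "TCP", 17: "UDP"}                      # IANA protocol numbers behind P6 / P17
NO_OWNER = {"", "No owner", "Pas de propriétaire"}  # "(...)" or the tool's no-CompanyName marker
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(appdata|desktop|downloads)\\", re.I)
SCRIPT_EXT = {"bat", "cmd", "vbs", "js", "ps1", "reg"}

TAG_RE = re.compile(r"=>(?P<family>[A-Za-z0-9]+)\.(?P<name>[^\s^]+)\^?\s*$")
SPRF_RE = re.compile(
    r"\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[SPRF\]\[(?P<date>\d{2}/\d{2}/\d{4})\] "
    r"\((?P<owner>.*?)\) -- (?P<path>.+?) \[(?P<size>\d+)\]\s*$"
)
FAEL_RE = re.compile(
    r'O87 - FAEL: "(?P<rule>[^"]+)" \| (?P<dir>In|Out) - (?P<profile>\w+) - P(?P<proto>\d+)'
    r" - (?P<enabled>TRUE|FALSE) \| \.\((?P<owner>.*?)\) -- (?P<path>.+?)(?: =>\S+)?\s*$"
)


def classify(line):
    """(family, name) for a tagged finding; None for untagged or whitelisted lines."""
    m = TAG_RE.search(line)
    return (m["family"], m["name"]) if m else None


def _owner(raw):
    """Signer as the tool prints it: '(.Company - Product.)', or '(...)' when absent."""
    name = raw.strip(".").strip()
    return None if name.split(" - ", 1)[0] in NO_OWNER else name


def parse_sprf(line):
    """Parse an O84 (SPRF) file entry and attach triage reasons; None if not SPRF."""
    m = SPRF_RE.search(line)
    if not m:
        return None
    owner, path, reasons = _owner(m["owner"]), m["path"], []
    if owner is None:
        reasons.append("no publisher in version info")
    if path.lower().rsplit(".", 1)[-1] in SCRIPT_EXT:
        reasons.append("script or .reg file in a user profile")
    return {"md5": m["md5"].upper(), "date": m["date"], "path": path,
            "size": int(m["size"]), "owner": owner, "reasons": reasons}


def parse_fael(line):
    """Parse an O87 firewall exception and decode its protocol number; None if not O87."""
    m = FAEL_RE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    return {
        "rule": m["rule"], "direction": m["dir"], "profile": m["profile"],
        "protocol": IP_PROTO.get(proto, f"proto {proto}"),
        "enabled": m["enabled"] == "TRUE", "path": m["path"], "owner": _owner(m["owner"]),
        # Windows names a rule "TCP/UDP Query User{GUID}<path>" when it was created by the
        # user clicking "Allow access" on the firewall prompt for an unlisted program.
        "user_prompted": m["rule"].startswith(("TCP Query User", "UDP Query User")),
        "user_writable": bool(USER_WRITABLE.search(m["path"])),
    }


def triage(lines):
    """Tagged lines per family, flagged files, and enabled inbound allow rules."""
    families, flagged, inbound = Counter(), [], []
    for line in lines:
        tag = classify(line)
        if tag and not line.startswith("http"):      # skip the link recap at the end
            families[tag[0]] += 1
        entry = parse_sprf(line)
        if entry and entry["reasons"]:
            flagged.append(entry)
        rule = parse_fael(line)
        if rule and rule["direction"] == "In" and rule["enabled"]:
            inbound.append(rule)
        if "(.not file.)" in line:                   # handler/autostart whose target is gone
            target = line.split(" -- ")[-1].split(" (.not file.)")[0]
            flagged.append({"path": target, "reasons": ["target file missing"]})
    return {"families": families, "flagged": flagged, "inbound_rules": inbound}


# Sample input: lines copied from the report above.
SAMPLE = [
    r"O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)",
    r"O69 - SBI: SearchScopes [HKCU] {1F41A625-69C1-4851-B149-AF6A2AD28666} - (Search.us) - http://search.us.com =>PUP.StartSearch",
    r"[MD5.1D5485D6020EF9324C4811AE476B784B] [SPRF][18/04/2013] (.www.thebotnet.com - AdFly bot v5.) -- C:\Users\Vincent\Desktop\AdFly bot v5.exe [137728]",
    r"[MD5.3E1DE04B63D85542BB2DAE6E78B7AF9D] [SPRF][24/09/2014] (.No owner - CashEurosBOT.) -- C:\Users\Vincent\Desktop\CashEurosBOT Release 2.1.exe [419328]",
    r"[MD5.8EEFB353F71DCFE3931BCA6D990C59C6] [SPRF][13/11/2013] (...) -- C:\Users\Vincent\AppData\Roaming\die.bat [91]",
    r'O87 - FAEL: "TCP Query User{0BD7D9BB-BDF4-4F03-88EB-BFB3C7A34B81}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent',
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASAPI32 =>PUP.FastPlayer",
    r"[HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip",
    r"O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(dict(result["families"]))
    for item in result["flagged"]:
        print(item["path"], "<-", "; ".join(item["reasons"]))
    for rule in result["inbound_rules"]:
        print(rule["protocol"], rule["profile"], rule["path"], "(user prompted)" if rule["user_prompted"] else "")
```

Run it against a full report with `triage(open("ZHPDiag.txt", encoding="utf-8").read().splitlines())`. The `user_writable` flag on firewall rules is the one worth acting on first: an enabled inbound allow for a binary under `AppData` or `Desktop` survives the binary being replaced by anything else at that path, which is why the `uTorrent\updates\3.4.1_31139.exe` rules above deserve a look even though the signer is legitimate.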