API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 3rd, 2014
1,074
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 44.42 KB | None | 0 0
raw download clone embed print report
  1. ~ Rapport de ZHPDiag v2014.11.3.157 - Nicolas Coolman (03/11/2014)
  2. ~ Lancé par Vincent (03/11/2014 19:59:17)
  3. ~ Adresse du Site Web http://nicolascoolman.fr
  4. ~ Adresse du Forum http://forum.nicolascoolman.fr
  5. ~ Traduit par Nicolas Coolman
  6. ~ Etat de la version : Version à jour.
  7. ~ Liste blanche : Activée par le programme
  8. ~ Elévation des Privilèges : OK
  9. ~ User Account Control (UAC): Activate by user
  10.  
  11.  
  12. ---\\ Navigateurs Internet
  13. MSIE: Internet Explorer v11.0.9600.17358
  14. MFIE: Mozilla Firefox 32.0.3
  15.  
  16. ---\\ Informations sur les produits Windows
  17. ~ Langage: Français
  18. Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
  19. Windows Server License Manager Script : OK
  20. Software Protection Service (Protection logicielle) : KO
  21. Windows Automatic Updates : OK
  22. Windows Activation Technologies : OK
  23.  
  24. ---\\ Logiciels de protection du système
  25. Malwarebytes Anti-Malware version 2.0.3.1025
  26. Microsoft Security Client v4.6.0305.0
  27. Spybot - Search & Destroy v2.3.39
  28. Windows Defender W7 (Deactivate)
  29.  
  30. ---\\ Logiciels d'optimisation du système
  31. CCleaner v4.04
  32.  
  33. ---\\ Logiciels de partage PeerToPeer
  34. Pando Media Booster v2.6.0.7
  35. qBittorrent 3.1.10 v3.1.10 =>P2P.BitTorrent
  36.  
  37. ---\\ Surveillance de Logiciels
  38. Adobe Flash Player 15 Plugin
  39. Adobe Reader X
  40. Java 7 Update 67 (64-bit)
  41.  
  42. ---\\ Informations sur le système
  43. ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
  44. ~ Operating System: 64 Bits
  45. Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
  46. Total RAM: 12258 MB (85% free)
  47. System Restore: Activé (Enable)
  48. System drive C: has 209 GB (44%) free of 466 GB
  49.  
  50. ---\\ Mode de connexion au système
  51. ~ Computer Name: THEO-PC
  52. ~ User Name: Vincent
  53. ~ All Users Names: Vincent, HomeGroupUser$, Guest, Administrator, Admin,
  54. ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
  55. Logged in as Administrator
  56.  
  57. ---\\ Variables d'environnement
  58. ~ System Unit : C:\
  59. ~ %AppZHP% : C:\Users\Vincent\AppData\Roaming\ZHP\
  60. ~ %AppData% : C:\Users\Vincent\AppData\Roaming\
  61. ~ %Desktop% : C:\Users\Vincent\Desktop\
  62. ~ %Favorites% : C:\Users\Vincent\Favorites\
  63. ~ %LocalAppData% : C:\Users\Vincent\AppData\Local\
  64. ~ %StartMenu% : C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\
  65. ~ %Windir% : C:\Windows\
  66. ~ %System% : C:\Windows\System32\
  67.  
  68. ---\\ Enumération des unités disques
  69. C: Hard drive, Flash drive, Thumb drive (Free 209 Go of 466 Go)
  70. D: CD-ROM drive (Not Inserted)
  71. E: CD-ROM drive (Not Inserted)
  72.  
  73.  
  74.  
  75. ---\\ Etat du Centre de Sécurité Windows
  76. [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
  77. [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: Modified
  78. [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
  79. ~ Security Center: 47 Legitimates Filtered in 00mn 00s
  80.  
  81.  
  82.  
  83. ---\\ Recherche particulière de fichiers génériques
  84. [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
  85. [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
  86. [MD5.9D98D4F390F0B14A782F3B931E613A1A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/09/2014 - 01:33:18.) -- C:\Windows\System32\wininet.dll [2309632]
  87. [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
  88. [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
  89. [MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
  90. [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
  91. [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
  92. [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
  93. [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
  94. [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
  95. [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
  96. [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
  97. [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
  98. [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
  99. [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
  100. [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
  101. [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
  102. [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
  103. [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
  104. [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
  105. [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
  106. ~ Generic Processes: Scanned in 00mn 00s
  107.  
  108.  
  109.  
  110. ---\\ Etat des fichiers cachés (Caché/Total)
  111. ~ Mes images (My Pictures) : 2/2197
  112. ~ Mes Videos (My Videos) : 2/19
  113. ~ Mes Favoris (My Favorites) : 1/25
  114. ~ Mes Documents (My Documents) : 2/6300
  115. ~ Mon Bureau (My Desktop) : 3/35903
  116. ~ Menu demarrer (Programs) : 1/78
  117. ~ Hidden Files: Scanned in 01mn 07s
  118.  
  119.  
  120.  
  121. ---\\ Processus lancés
  122. [MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1988]
  123. [MD5.9ED34A82F8FBF6001F127420834DD793] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118784] [PID.1840]
  124. ~ Processes Running: Scanned in 00mn 00s
  125.  
  126.  
  127.  
  128. ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
  129. C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Preferences
  130. G0 - GCSP: Preference [User Data\Default][StartupURLs] http://rocket-find.com/?f=7&a=rckt_tele_14_26_ie&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtCyCtB0EtDtByEtCyByEtN0D0Tzu0SzytCtDtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0ByEyCtCtAzz0FtGyDyD0FtCtG0CyD0DzytGyBtDyDyEtGtA0CyBzy0DzztCyC0E0DtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzzzz0EyCtDtAyEtG0AyEtC0EtGyDzztC0EtG0BtA0BzztGtC0E0EzztDyC0E0B0AtB0E0A2Q&cr=1015898465&ir= =>PUP.RockTurner
  131. G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
  132. G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
  133. G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
  134. G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
  135. G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
  136.  
  137. ---\\ Liste des dossiers d'extension Google Chrome
  138. ~ Google Lines Browser: 24 Legitimates Filtered in 00mn 00s
  139.  
  140.  
  141.  
  142. ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
  143. P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
  144. ~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
  145.  
  146.  
  147.  
  148. ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
  149. R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com
  150. ~ IE Browser: 23 Legitimates Filtered in 00mn 00s
  151.  
  152.  
  153.  
  154. ---\\ Internet Explorer, Proxy Management (R5)
  155. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  156. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
  157. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
  158. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
  159. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
  160. R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
  161. ~ Proxy management: Scanned in 00mn 00s
  162.  
  163.  
  164.  
  165. ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
  166. F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
  167. F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
  168. F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
  169. ~ Keys: Scanned in 00mn 00s
  170.  
  171.  
  172.  
  173. ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
  174. F3 - REG:win.ini: load=C:\Users\Vincent\AppData\Local\temp\WorkspaceRuntime\wksprt.exe
  175. ~ Keys: Scanned in 00mn 00s
  176.  
  177.  
  178.  
  179. ---\\ Hosts file redirection (O1)
  180. ~ Le fichier hôte est sain (The hosts file is clean) (15518)
  181. ~ Hosts File: Scanned in 00mn 05s
  182.  
  183.  
  184.  
  185. ---\\ Autres liens utilisateurs (O4)
  186. O4 - GS\QuickLaunch [Vincent]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
  187. O4 - GS\QuickLaunch [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  188. O4 - GS\Desktop [Vincent]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  189. O4 - GS\QuickLaunch [Admin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  190. O4 - GS\QuickLaunch [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  191. O4 - GS\TaskBar [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  192. O4 - GS\Program [Admin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  193. O4 - GS\SystemTools [Admin]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.IsStart
  194. O4 - GS\Desktop [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
  195. O4 - GS\Desktop [Admin]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com =>PUP.IsStart
  196. O4 - GS\Desktop [Admin]: Torntv Downloader.lnk . (...) -- C:\Users\Admin\AppData\Roaming\TornTV.com\TornTV.exe (.not file.) =>Hijacker.TornTV
  197. O4 - GS\Desktop [Admin]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  198. ~ Global Startup: 13 Legitimates Filtered in 00mn 06s
  199.  
  200.  
  201.  
  202. ---\\ Applications lancées au démarrage du système (O4)
  203. O4 - GS\Startup [Admin]: Gold Barre.lnk . (...) -- C:\Program Files\gold barre\Gold Barre.exe (.not file.) =>Toolbar.GoldBarre
  204. O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  205. O4 - HKCU\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
  206. O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
  207. O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
  208. O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
  209. O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
  210. O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  211. O4 - HKUS\S-1-5-21-3564868760-3349109281-229220676-1000\..\RunOnce: [*Boot Service Utility] C:\Users\Vincent\AppData\Local\temp\WINDOWS\TEMPARCHIVE\ucsvc.exe (.not file.)
  212. ~ Application: Scanned in 00mn 00s
  213.  
  214.  
  215.  
  216. ---\\ Modification Domaine/Adresses DNS (O17)
  217. O17 - HKLM\System\CCS\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  218. O17 - HKLM\System\CCS\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  219. O17 - HKLM\System\CS1\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  220. O17 - HKLM\System\CS1\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  221. O17 - HKLM\System\CS2\Services\Tcpip\..\{CD78003C-B49B-4B9E-AC88-8334FA0CEB2D}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
  222. O17 - HKLM\System\CS2\Services\Tcpip\..\{C01B55C9-27ED-4426-80EF-8F3DFE7195E2}: DhcpNameServer = 212.27.40.240 212.27.40.241
  223. ~ Domain: Scanned in 00mn 00s
  224.  
  225.  
  226.  
  227. ---\\ Protocole additionnel (O18)
  228. O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
  229. O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
  230. ~ Protocole Additionnel: Scanned in 00mn 00s
  231.  
  232.  
  233.  
  234. ---\\ Enumère les données de BootExecute (BEX) (O34)
  235. O34 - HKLM BootExecute: (¤¥lw) - File not found
  236. ~ BEX: 2 Legitimates Filtered in 00mn 00s
  237.  
  238.  
  239.  
  240. ---\\ Tâches planifiées en automatique (O39)
  241. O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
  242. O39 - APT: - (..) -- C:\Windows\Tasks\DriverToolkit Autorun.job [362]
  243. O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [362]
  244. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 3 [340]
  245. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
  246. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
  247. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
  248. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000Core [1034]
  249. O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3564868760-3349109281-229220676-1000UA [1086]
  250. ~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s
  251.  
  252.  
  253.  
  254. ---\\ Logiciels installés (O42)
  255. O42 - Logiciel: AdfBotPro 3.3.1 Final - (.Wss Ltd.) [HKLM][64Bits] -- {E24F9D84-DF31-44A0-BC30-A97C42C99282}
  256. O42 - Logiciel: Algodoo v2.1.0 - (.Algoryx.) [HKLM][64Bits] -- Algodoo_is1
  257. O42 - Logiciel: Cash4You version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {BFF06DE4-6892-47D1-A942-331611658D47}_is1
  258. O42 - Logiciel: Cash4You version Beta 1.2 - (.Havanna, Inc..) [HKLM][64Bits] -- {6D4E0E05-6A35-42FF-BFE8-833EB35FAFF5}_is1
  259. O42 - Logiciel: Cash4you version Beta 1.0 - (.Havanna, Inc..) [HKLM][64Bits] -- {16A1957A-D873-44EB-AF8D-26E9417A11DA}_is1
  260. O42 - Logiciel: Cash4you version Beta 1.1 - (.Havanna, Inc..) [HKLM][64Bits] -- {F555A312-2778-47A9-893A-D3067CDFF7A4}_is1
  261. O42 - Logiciel: Devis Facture Express LIGHT - (.SARL P2F.) [HKLM][64Bits] -- Devis Facture Express LIGHT_is1
  262. O42 - Logiciel: Gold Barre - (...) [HKLM][64Bits] -- Gold Barre =>Toolbar.GoldBarre
  263. O42 - Logiciel: PBO Manager v.1.4 beta - (. .) [HKLM][64Bits] -- {127B5371-1802-4EDD-A25A-A43BF761D383}
  264. O42 - Logiciel: Robocraft - (.Freejam.) [HKLM][64Bits] -- Steam App 301520
  265. O42 - Logiciel: Setup Generator Pro - (...) [HKLM][64Bits] -- Setup Generator Pro
  266. O42 - Logiciel: Smart Port Forwarding - (.Brooks Younce Software.) [HKLM][64Bits] -- Smart Port Forwarding
  267. O42 - Logiciel: Space Engineers - (...) [HKLM][64Bits] -- Steam App 244850
  268. O42 - Logiciel: Techne - (.ZeuX and r4wk.) [HKCU][64Bits] -- 244a1e8693fd9c7e
  269. O42 - Logiciel: TexView 2 Uninstall - (...) [HKLM][64Bits] -- TexView 2
  270. O42 - Logiciel: Unturned - (.Nelson Sexton.) [HKLM][64Bits] -- Steam App 304930
  271. O42 - Logiciel: Visitor 3 Uninstall - (...) [HKLM][64Bits] -- Visitor 3
  272. O42 - Logiciel: VoiceAttack - (.VoiceAttack.com.) [HKLM][64Bits] -- {6D027600-7BF6-4074-B64B-ABA638D3A976}
  273. ~ Logic: 27 Legitimates Filtered in 00mn 00s
  274.  
  275.  
  276.  
  277. ---\\ HKCU & HKLM Software Keys
  278. [HKCU\Software\BitComet] =>P2P.BitComet
  279. [HKCU\Software\Code Industry]
  280. [HKCU\Software\DefaultCompany]
  281. [HKCU\Software\Freejam]
  282. [HKCU\Software\GetPrivate]
  283. [HKCU\Software\Mouse]
  284. [HKCU\Software\Obviously Nice]
  285. [HKCU\Software\Pando Networks]
  286. [HKCU\Software\Siding]
  287. [HKCU\Software\Smartly Dressed Games]
  288. [HKCU\Software\TR12]
  289. [HKCU\Software\VoiceAttack.com]
  290. [HKCU\Software\iLLectronic]
  291. [HKCU\Software\yarpen.cz]
  292. [HKLM\Software\PBOManager]
  293. [HKLM\Software\Wow6432Node\IncrediMail]
  294. [HKLM\Software\Wow6432Node\Pando Networks]
  295. [HKLM\Software\Wow6432Node\id]
  296. [HKLM\Software\Wow6432Node\x2goclient]
  297. ~ Key Software: 639 Legitimates Filtered in 00mn 00s
  298.  
  299.  
  300.  
  301. ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
  302. O43 - CFD: 28/06/2014 - 20:44:00 - [] ----D C:\Program Files (x86)\Algodoo
  303. O43 - CFD: 31/08/2014 - 00:29:38 - [] ----D C:\Program Files (x86)\BF2Hub Client
  304. O43 - CFD: 14/09/2014 - 13:32:08 - [] ----D C:\Program Files (x86)\Cash4You
  305. O43 - CFD: 20/10/2014 - 04:02:33 - [] ----D C:\Program Files (x86)\DFELIGHT
  306. O43 - CFD: 08/08/2013 - 11:38:06 - [] ----D C:\Program Files (x86)\LS_Duhem
  307. O43 - CFD: 28/10/2011 - 21:44:47 - [] ----D C:\Program Files (x86)\Pando Networks
  308. O43 - CFD: 12/09/2014 - 19:45:35 - [] ----D C:\Program Files (x86)\Setup Generator Pro
  309. O43 - CFD: 26/12/2013 - 17:43:56 - [] ----D C:\Program Files (x86)\Smart Port Forwarding
  310. O43 - CFD: 05/04/2014 - 13:47:07 - [] ----D C:\Program Files (x86)\Teleport Pro
  311. O43 - CFD: 01/11/2014 - 22:18:23 - [] ----D C:\Program Files (x86)\VoiceAttack
  312. O43 - CFD: 08/01/2013 - 23:07:22 - [] ----D C:\Program Files (x86)\Wamp backup
  313. O43 - CFD: 10/09/2014 - 15:50:39 - [0] ----D C:\Program Files (x86)\Wss Ltd
  314. O43 - CFD: 29/08/2013 - 18:31:43 - [] ----D C:\Program Files (x86)\Common Files\VST2
  315. O43 - CFD: 16/06/2014 - 17:31:55 - [] ----D C:\ProgramData\662ad8c6a9989723
  316. O43 - CFD: 21/12/2013 - 15:56:00 - [] ----D C:\ProgramData\Generator
  317. O43 - CFD: 31/10/2014 - 05:04:43 - [0] ----D C:\ProgramData\LumaEmu_SteamCloud
  318. O43 - CFD: 15/11/2013 - 22:49:16 - [0] ----D C:\ProgramData\SpeedBit
  319. O43 - CFD: 20/09/2013 - 23:16:33 - [] ----D C:\Users\Vincent\AppData\Roaming\.aether
  320. O43 - CFD: 16/05/2014 - 23:07:47 - [] ----D C:\Users\Vincent\AppData\Roaming\.DeepCraft
  321. O43 - CFD: 02/09/2014 - 17:38:07 - [] ----D C:\Users\Vincent\AppData\Roaming\.StarMade
  322. O43 - CFD: 02/11/2013 - 01:21:50 - [] ----D C:\Users\Vincent\AppData\Roaming\.technic
  323. O43 - CFD: 09/03/2013 - 14:53:24 - [] ----D C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet
  324. O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_Datas
  325. O43 - CFD: 20/10/2014 - 04:02:52 - [] ----D C:\Users\Vincent\AppData\Roaming\Devis_Facture_Express_Light_User
  326. O43 - CFD: 12/07/2014 - 18:39:56 - [] ----D C:\Users\Vincent\AppData\Roaming\OBS - Copie
  327. O43 - CFD: 15/05/2014 - 19:30:23 - [] ----D C:\Users\Vincent\AppData\Roaming\Spiritsoft
  328. O43 - CFD: 01/11/2014 - 15:28:42 - [] ----D C:\Users\Vincent\AppData\Roaming\VoiceAttack
  329. O43 - CFD: 22/06/2013 - 12:33:43 - [] ----D C:\Users\Vincent\AppData\Local\28050
  330. O43 - CFD: 05/10/2013 - 12:55:54 - [] ----D C:\Users\Vincent\AppData\Local\ACCCx2_1_2_232
  331. O43 - CFD: 06/05/2014 - 23:05:30 - [] ----D C:\Users\Vincent\AppData\Local\Arma2NET
  332. O43 - CFD: 05/05/2014 - 23:23:16 - [] ----D C:\Users\Vincent\AppData\Local\PboM
  333. O43 - CFD: 22/10/2014 - 12:00:36 - [0] ----D C:\Users\Vincent\AppData\Local\Techne
  334. O43 - CFD: 01/11/2014 - 15:23:15 - [] ----D C:\Users\Vincent\AppData\Local\VoiceAttack.com
  335. O43 - CFD: 03/06/2014 - 20:47:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
  336. O43 - CFD: 09/12/2013 - 18:44:52 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MMSSTV
  337. O43 - CFD: 05/05/2014 - 23:16:12 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
  338. O43 - CFD: 05/04/2014 - 13:47:05 - [0] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teleport Pro
  339. O43 - CFD: 02/10/2013 - 15:16:01 - [] ----D C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZeuX and r4wk
  340. ~ 378 Dossier CLSID vide (CLSID Empty Folder)
  341. ~ Program Folder: 839 Legitimates Filtered in 00mn 20s
  342.  
  343.  
  344.  
  345. ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
  346. O44 - LFC:[MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] - 02/11/2014 - 02:32:09 --H-- . (...) -- C:\Windows\System32\v.bat [384]
  347. O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21008]
  348. O44 - LFC:[MD5.BE578A754077B7B2DD9F1FD0D23CEC2D] - 03/11/2014 - 19:11:35 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21008]
  349. O44 - LFC:[MD5.908B184763F5C3220B1EE683DD804924] - 03/11/2014 - 19:16:17 ---A- . (...) -- C:\Windows\ntbtlog.txt [602442]
  350. O44 - LFC:[MD5.417EFDD49625ADC5772F8B3577F9C194] - 03/11/2014 - 19:46:07 ----- . (...) -- C:\bootsqm.dat [3360]
  351. ~ Files: 39 Legitimates Filtered in 01mn 06s
  352.  
  353.  
  354.  
  355. ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
  356. O51 - MPSK:{9ab8a211-7544-11e3-9d00-8c89a5162e02}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
  357. O51 - MPSK:{9ddf21d5-f794-11e0-8593-8c89a5162e02}\AutoRun\command. (...) -- F:\Installer.exe (.not file.)
  358. ~ Keys: Scanned in 00mn 00s
  359.  
  360.  
  361.  
  362. ---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
  363. O52 - TDSD: \Drivers32\"VIDC.TMB2"="tmb2-v64.dll" . (...) -- C:\Windows\System32\tmb2-v64.dll
  364. O52 - TDSD: \drivers.desc\"tmb2-v64.dll"="PlayClaw 5 video decoder 64" . (...) -- C:\Windows\System32\tmb2-v64.dll
  365. ~ TDSD: 6 Legitimates Filtered in 00mn 00s
  366.  
  367.  
  368.  
  369. ---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
  370. O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (...) -- C:\Program Files (x86)\Overwolf\Overwolf.exe (.not file.)
  371. O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
  372. O53 - SMSR:HKLM\...\startupreg\Wondershare Helper Compact.exe [Key] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
  373. ~ SMSR Keys: 30 Legitimates Filtered in 00mn 00s
  374.  
  375.  
  376.  
  377. ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
  378. O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
  379. O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
  380. ~ MWPS: 16 Legitimates Filtered in 00mn 00s
  381.  
  382.  
  383.  
  384. ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
  385. O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
  386. ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s
  387.  
  388.  
  389.  
  390. ---\\ Liste des pilotes du système (SDL) (O58)
  391. O58 - SDL:21/02/2011 - 10:09:14 ---A- . (.Pas de propriétaire - NDIS 6.0 Filter Driver.) -- C:\Windows\System32\Drivers\anodlwfx.sys [15872]
  392. O58 - SDL:19/10/2011 - 14:14:29 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
  393. O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
  394. O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
  395. O58 - SDL:09/06/2014 - 09:41:00 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [180136]
  396. O58 - SDL:16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
  397. O58 - SDL:19/10/2011 - 14:14:28 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
  398. O58 - SDL:01/03/2013 - 02:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
  399. O58 - SDL:29/08/2013 - 16:49:06 ---A- . (.NoMachine - NoMachine Audio Adapter.) -- C:\Windows\System32\Drivers\nxaudio.sys [17920]
  400. O58 - SDL:11/12/2012 - 14:48:54 ---A- . (.NoMachine Sarl - NoMachine Display Adapter.) -- C:\Windows\System32\Drivers\nxdm.sys [29696]
  401. O58 - SDL:12/11/2013 - 17:53:16 ---A- . (.NoMachine - NoMachine USB Adapter.) -- C:\Windows\System32\Drivers\nxusbh.sys [68096]
  402. O58 - SDL:04/11/2013 - 17:52:18 ---A- . (.NoMachine - NoMachine USB Host Adapter.) -- C:\Windows\System32\Drivers\nxusbs.sys [10240]
  403. O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
  404. O58 - SDL:24/03/2014 - 21:12:06 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
  405. O58 - SDL:02/08/2011 - 16:38:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
  406. ~ Drivers: 87 Legitimates Filtered in 00mn 05s
  407.  
  408.  
  409.  
  410. ---\\ Liste des outils de désinfection (LATC) (O63)
  411. O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
  412. O63 - Logiciel: ZHPFix 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
  413. O63 - Logiciel: RSIT - (.random/random.)
  414. ~ ADS: Scanned in 00mn 00s
  415.  
  416.  
  417.  
  418. ---\\ Associations Shell Spawning (O67)
  419. O67 - Shell Spawning: <.exe> <exefile>[HKCU\..\open\Command] (.Not Key.)
  420. O67 - Shell Spawning: <.html> <ChromeHTML.7WU7FQKJC7JPEIGREOGTKOSTIU>[HKCU\..\open\Command] (.Not Key.)
  421. ~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
  422.  
  423.  
  424.  
  425. ---\\ Menu de démarrage Internet (SMI) (O68)
  426. O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  427. O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
  428. O68 - StartMenuInternet: <Google Chrome.7WU7FQKJC7JPEIGREOGTKOSTIU> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
  429. O68 - StartMenuInternet: <Google Chrome.LTAPCNZFOQBNSNGO56BBVT5FPA> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
  430. O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  431. O68 - StartMenuInternet: <Rocket.LTAPCNZFOQBNSNGO56BBVT5FPA> <Rocket>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Admin\AppData\Local\Rocket\Application\rocket.exe (.not file.) =>PUP.RockTurner
  432. ~ Keys: Scanned in 00mn 00s
  433.  
  434.  
  435.  
  436. ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
  437. O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
  438. O69 - SBI: SearchScopes [HKCU] {1F41A625-69C1-4851-B149-AF6A2AD28666} - (Search.us) - http://search.us.com =>PUP.StartSearch
  439. O69 - SBI: SearchScopes [HKCU] {85AA8878-F03A-414D-B8FF-1F6C997B68BC} - (Yahoo!) - http://search.yahoo.com
  440. O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
  441. O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
  442. ~ Keys: Scanned in 00mn 00s
  443.  
  444.  
  445.  
  446. ---\\ Recherche particulière à la racine du système (SPRF) (O84)
  447. [MD5.DD89B12A21223EE65709C540BEEB4D36] [SPRF][21/10/2014] (...) -- C:\Users\Vincent\AppData\Roaming\AdobeWLCMCache.dat [34]
  448. [MD5.8EEFB353F71DCFE3931BCA6D990C59C6] [SPRF][13/11/2013] (...) -- C:\Users\Vincent\AppData\Roaming\die.bat [91]
  449. [MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\AppData\Roaming\inst.exe [99384]
  450. [MD5.1D5485D6020EF9324C4811AE476B784B] [SPRF][18/04/2013] (.www.thebotnet.com - AdFly bot v5.) -- C:\Users\Vincent\Desktop\AdFly bot v5.exe [137728]
  451. [MD5.B22F34E2737E66BF3DD60D6C716CF28F] [SPRF][19/10/2013] (...) -- C:\Users\Vincent\Desktop\AMIDST-3.4.exe [975932]
  452. [MD5.1F74BBE2157962E839CE3A733A82B785] [SPRF][18/01/2014] (.Draziak & SnipeZz_Qc © - Arma 3 Pingas Launcher.) -- C:\Users\Vincent\Desktop\Arma 3 Pingas Launcher (2).exe [622592]
  453. [MD5.3E1DE04B63D85542BB2DAE6E78B7AF9D] [SPRF][24/09/2014] (.Pas de propriétaire - CashEurosBOT.) -- C:\Users\Vincent\Desktop\CashEurosBOT Release 2.1.exe [419328]
  454. [MD5.5ED81C10CA2A456664F68CB9C0FEBA5A] [SPRF][05/08/2013] (...) -- C:\Users\Vincent\Desktop\CrackMe.exe [30906]
  455. [MD5.6F225190DB6905A15298282EC381FC7F] [SPRF][18/07/2011] (...) -- C:\Users\Vincent\Desktop\CrackMe1.exe [13824]
  456. [MD5.83B3F4E16D64248568F79BAC67ED1A17] [SPRF][10/12/2012] (.Pas de propriétaire - Flooder V3.) -- C:\Users\Vincent\Desktop\Flooder v5.exe [671232]
  457. [MD5.B95BF6E70584D7B79D7089CD24F3128D] [SPRF][08/01/2011] (...) -- C:\Users\Vincent\Desktop\iView Fur U v3!.exe [491363]
  458. [MD5.254160D9B9287BFF589B6246F99D8EEC] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\IyQoe.bat [522]
  459. [MD5.47BA654BB0059C8CD94BEBDB5B45EDC4] [SPRF][17/10/2012] (...) -- C:\Users\Vincent\Desktop\jd-gui.exe [809472]
  460. [MD5.4720235220ACAE235B2881F190AB0C21] [SPRF][25/10/2014] (.Pas de propriétaire - Setup.) -- C:\Users\Vincent\Desktop\Launcher-Involved.exe [497576]
  461. [MD5.E899F1C5B292A0ECF6E8E19B302B622C] [SPRF][08/10/2014] (.Pas de propriétaire - FTB_Launcher.) -- C:\Users\Vincent\Desktop\launcher^FTB_Launcher.exe [4980105]
  462. [MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][08/08/2013] (...) -- C:\Users\Vincent\Desktop\Minecraft.exe [675988]
  463. [MD5.FC3B3C1EB479EEED42B538977299FD08] [SPRF][12/09/2014] (.Pas de propriétaire - MoneyGenerator.) -- C:\Users\Vincent\Desktop\MoneyGenerator.exe [544768]
  464. [MD5.AF5B90F9A9BC151D50F58CCBFC632EB5] [SPRF][25/04/2010] (.Pas de propriétaire - NamedBinaryTag.) -- C:\Users\Vincent\Desktop\NamedBinaryTag.dll [28672]
  465. [MD5.90D9972CF48C3542D4B59F32E2AD6185] [SPRF][09/06/2010] (.Pas de propriétaire - NBTedit.) -- C:\Users\Vincent\Desktop\NBTedit.exe [118784]
  466. [MD5.A0FD647AE0DE91F4F16B20934C5B9674] [SPRF][07/06/2007] (.Home - PboView.) -- C:\Users\Vincent\Desktop\PboView.exe [69632]
  467. [MD5.0409809D67CC2D02F1F11A61187B9DE0] [SPRF][11/10/2014] (.Pas de propriétaire - Technic Launcher.) -- C:\Users\Vincent\Desktop\TechnicLauncher.exe [2346942]
  468. [MD5.8011DBB766E03FD2A13F5A6A1B736BC8] [SPRF][29/07/2014] (...) -- C:\Users\Vincent\Desktop\test.reg [169]
  469. [MD5.6CEEC4E37D463A707198FB754B25316C] [SPRF][06/06/2007] (...) -- C:\Users\Vincent\Desktop\texture.dll [364544]
  470. [MD5.2EC56E11D99AFAD1E6FBA39BE82DF172] [SPRF][09/09/2014] (...) -- C:\Users\Vincent\Desktop\v.bat [384]
  471. [MD5.38FA6A234B3B6D51C8C720CA9B006828] [SPRF][15/11/2013] (...) -- C:\Users\Vincent\Desktop\va32.exe [11324104]
  472. ~ Files: 29 Legitimates Filtered in 00mn 00s
  473.  
  474.  
  475.  
  476. ---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
  477. O87 - FAEL: "{0A7CE180-5BA7-4FC1-95EB-324E14BA4322}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
  478. O87 - FAEL: "{7C0B293A-527F-456B-985C-EB258F3A9C64}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Vincent\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
  479. O87 - FAEL: "{C0EB0505-4EB5-4804-9EFF-E185BB78AF6E}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  480. O87 - FAEL: "{E11B6DF1-1F86-4BAE-8744-555D84328DA9}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  481. O87 - FAEL: "{D211E74A-16E0-46CD-8CA7-BCFBD7FED64E}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  482. O87 - FAEL: "TCP Query User{0BD7D9BB-BDF4-4F03-88EB-BFB3C7A34B81}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
  483. O87 - FAEL: "UDP Query User{DEF2C2E4-3FB0-489B-B52C-30E1818B34D5}C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\vincent\appdata\roaming\utorrent\updates\3.4.1_31139.exe =>P2P.BitTorrent
  484. O87 - FAEL: "{33164E19-72BF-4012-B08F-3A20626CADCC}" | In - Domain - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  485. O87 - FAEL: "{7545EEF7-FA97-409D-B82B-9E00303E909D}" | In - Domain - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  486. O87 - FAEL: "{9F39E5E5-2E8D-4022-9931-3E5CCF60F52C}" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  487. O87 - FAEL: "{0954241F-8997-4485-8423-40F13C547881}" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  488. O87 - FAEL: "{6B9E25C6-A541-40BC-979B-BC98EA564AB4}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  489. O87 - FAEL: "{6778F31D-EBEF-4225-BE86-293E6C638BC1}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  490. O87 - FAEL: "{2C080C22-5941-49F2-8762-584A7013C946}" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  491. O87 - FAEL: "{90F8E67E-F2C8-4440-B344-E2DF8A625655}" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  492. O87 - FAEL: "{189A6A81-05FA-43EF-8439-5F314800FEE2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  493. O87 - FAEL: "{19FA8A71-33E5-4B5C-92B1-E546D35938A6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vincent\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
  494. ~ Firewall: 17 Legitimates Filtered in 00mn 03s
  495.  
  496.  
  497.  
  498. ---\\ Recherche de clés de registre Tracing (O100)
  499. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASAPI32 =>P2P.BitComet
  500. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_RASMANCS =>P2P.BitComet
  501. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASAPI32 =>P2P.BitComet
  502. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitComet_stats_RASMANCS =>P2P.BitComet
  503. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASAPI32 =>P2P.BitTorrent
  504. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bittorrent_bittorrent_7_RASMANCS =>P2P.BitTorrent
  505. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
  506. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
  507. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASAPI32 =>PUP.FastPlayer
  508. HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FastPlayer_RASMANCS =>PUP.FastPlayer
  509. ~ BTK: 468 Legitimates Filtered in 00mn 00s
  510.  
  511.  
  512.  
  513. ---\\ Recherche de clés de registre CLSID (O101)
  514. [HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip
  515. ~ BCK: 5470 Legitimates Filtered in 00mn 04s
  516.  
  517.  
  518.  
  519. ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
  520. SS - | Disabled 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  521. SS - | Disabled 29/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  522. SS - | Disabled 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  523. SS - | Disabled 22/03/2014 49152 | (BEService) . (...) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
  524. SS - | Disabled 12/07/2010 53248 | (D_Link_DWA-140_WPS) . (...) - C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
  525. SS - | Disabled 19/12/2013 1677080 | (GS In-Game Service) . (.ClanServers Hosting LLC.) - C:\Program Files (x86)\GameTracker\GSInGameService.exe
  526. SS - | Disabled 07/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  527. SS - | Disabled 07/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  528. SS - | Disabled 04/09/2014 2525008 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
  529. SS - | Disabled 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
  530. SS - | Disabled 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
  531. SS - | Disabled 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
  532. SS - | Disabled 08/08/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
  533. SS - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
  534. SS - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  535. SS - | Disabled 29/09/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
  536. SS - | Disabled 26/04/2014 14243 | (MySQL56) . (...) - C:\ProgramData\MySQL\MySQL Server 5.6\my.ini
  537. SS - | Auto 18/06/2014 328832 | (nlsvc) . (.Locktime Software.) - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
  538. SS - | Disabled 09/08/2014 1721800 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
  539. SS - | Disabled 16/10/2014 933064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
  540. SS - | Disabled 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
  541. SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
  542. SS - | Disabled 01/03/2013 118520 | (rpcapd) . (.Riverbed Technology, Inc..) - C:\Program Files (x86)\WinPcap\rpcapd.exe
  543. SS - | Disabled 25/04/2014 1738200 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
  544. SS - | Disabled 25/04/2014 2081752 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
  545. SS - | Disabled 25/04/2014 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
  546. SS - | Demand 21/10/2014 833728 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
  547. SS - | Disabled 16/10/2014 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  548. SS - | Disabled 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
  549. SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
  550. SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
  551. SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
  552. SR - | Auto 22/08/2014 23784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
  553. ~ Services: Scanned in 00mn 10s
  554.  
  555.  
  556.  
  557. ---\\ Scan Additionnel (O88)
  558. Database Version : 13026 - (03/11/2014)
  559. Clés trouvées (Keys found) : 7
  560. Valeurs trouvées (Values found) : 13
  561. Dossiers trouvés (Folders found) : 1
  562. Fichiers trouvés (Files found) : 2
  563.  
  564. [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gold Barre] =>Toolbar.GoldBarre^
  565. [HKLM\Software\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
  566. [HKLM\Software\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
  567. [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT] =>Toolbar.Agent
  568. [HKLM\Software\Wow6432Node\Classes\Toolbar3.SBCONVERT.1] =>Toolbar.Agent
  569. [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
  570. [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
  571. C:\Users\Vincent\AppData\Roaming\BitComet =>P2P.BitComet^
  572. [HKCU\Software\BitComet] =>P2P.BitComet^
  573. [HKCR\CLSID\{E7513E10-C980-6686-EF49-FEDD29EB561A}] (ShoppingChip) =>Adware.ShoppingChip^
  574. ~ Additionnel Scan: 440265 Items scanned in 01mn 14s
  575.  
  576.  
  577.  
  578. ---\\ Informations complémentaires sur les modules
  579. ~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
  580. ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
  581. ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
  582. ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
  583. ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
  584. ~ AMI: 5 Legitimates Filtered in 00mn 00s
  585.  
  586.  
  587.  
  588. ---\\ Récapitulatif des détections trouvées sur votre station
  589. http://nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
  590. http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
  591. http://www.nicolascoolman.fr/blog/ =>Toolbar.GoldBarre
  592. http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
  593. http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
  594. http://www.nicolascoolman.fr/blog/ =>PUP.FastPlayer
  595. http://nicolascoolman.fr/adware-shoppingchip =>Adware.ShoppingChip
  596. http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
  597. http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
  598. ~ MSI: 9 link(s) detected in 00mn 00s
  599.  
  600.  
  601.  
  602. ~ 1752 Legitimates filtered by white list
  603. End of the scan (602 lines in 04mn 47s)(0)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!