Redirection from YouTube

Closed
magicshark Posts 399 Registration date Tuesday 27 July 2010 Status Member Last seen 6 May 2014 - 6 Jan. 2014 at 21:10
Marou81 Posts 4175 Registration date Wednesday 13 January 2010 Status Member Last seen 18 March 2014 - 7 Jan. 2014 at 23:55
Hello,

For some time now, whichever browser I use, I cannot watch a full video on YouTube without being redirected to:

http://www.javanet2014.com/
telling me that my version of Java is not right and inviting me to download a new one.

and another one telling me that this time it is Flash that is not right.

Have you seen this before? Do you know a solution?

Thanks

4 replies

Faeris Posts 748 Registration date Friday 30 October 2009 Status Member Last seen 29 June 2014 155
6 Jan. 2014 at 21:17
Hi, use this diagnostic software, which will allow me to help you:

▶ Download ZHPDiag (by Nicolas Coolman) to your desktop
▶ Run it (if you are on Windows Vista or Windows 7, do so by right-clicking --> Run as administrator)
▶ Let the installer guide you (remember to tick the box to create a shortcut on the Desktop). It will launch automatically at the end of the installation.
▶ /!\ Following these actions, the tool has created 2 shortcuts: (ZHPFix, ZHPDiag)
▶ To run a full scan, click the "ZHPDiag" desktop icon, which shows a "scroll".
▶ In the software's interface, click the "Configure" button to access the settings.
▶ Then click the "Magnifier +" button at the bottom left to start a Full options diagnostic.
▶ The scan runs; wait a few minutes while the tool works, indicated by "Processing..."
▶ At the end of the scan, which will be indicated in the program's interface by 100%, the report will open in Notepad.
▶ Go to this site, click "Browse", select the ZHPDiag report and click Send the file. Wait while the file is sent, then copy/paste the link provided into your next reply on the forum.


The ZHPDiag.txt report will also be on your desktop. If needed, it is saved in C:\ZHP\ZHPDiag.txt.
0
magicshark Posts 399 Registration date Tuesday 27 July 2010 Status Member Last seen 6 May 2014 13
6 Jan. 2014 at 21:40
Hello, thank you for your quick response, here is the link

Thanks, here is the link
https://pjjoint.malekal.com/files.php?read=ZHPDiag_20140106_n7c11j6e9n6
0
Faeris Posts 748 Registration date Friday 30 October 2009 Status Member Last seen 29 June 2014 155
6 Jan. 2014 at 21:42
Use this disinfection tool specific to adware:

▶ Download AdwCleaner (by Xplode) to your Desktop.
▶ Run it, click Scan, wait for the scan to finish, then click Delete
▶ Then the report will open after a reboot: post it in your next reply.

Then use this tool in addition to AdwCleaner:

▶ Download and run Junkware Removal Tool by Thisisu as administrator
▶ Read the terms of use, then make sure to close all running programs
▶ Start it by pressing any key
▶ Do nothing else and wait for the software to finish (it closes by itself and normally displays a report saved on the desktop)
▶ Post the report in your next reply

Then run a full scan with Malwarebytes and post the report once it has finished.

Finally, run a scan with ZHPDiag again, as you did the first time.
0
magicshark Posts 399 Registration date Tuesday 27 July 2010 Status Member Last seen 6 May 2014 13
6 Jan. 2014 at 21:45
I did a thorough scan of all my hard drives with Malwarebytes the day before yesterday, should I do it again?
0
Faeris Posts 748 Registration date Friday 30 October 2009 Status Member Last seen 29 June 2014 155
6 Jan. 2014 at 21:47
No, post the report directly. They are available in the Reports/Logs tab when you open Malwarebytes.
0
magicshark Posts 399 Registration date Tuesday 27 July 2010 Status Member Last seen 6 May 2014 13
6 Jan. 2014 at 22:17
I will finish the steps tomorrow, I need my PC to stay on, sorry. Thanks a lot for the help in any case
0
Faeris Posts 748 Registration date Friday 30 October 2009 Status Member Last seen 29 June 2014 155
6 Jan. 2014 at 22:31
No problem.
0
magicshark Posts 399 Registration date Tuesday 27 July 2010 Status Member Last seen 6 May 2014 13
7 Jan. 2014 at 21:02
ZhpDiag :

~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par pierrot (06/01/2014 21:19:34)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 18.0.1
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_MAK channel
Windows ID Activation : OK
~ Windows Partial Key : 4G37D
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.1

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 5 GB (6%) free of 74 GB

---\\ Mode de connexion au système
~ Computer Name: PIERROT-PC
~ User Name: pierrot
~ All Users Names: pierrot, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\pierrot\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pierrot\AppData\Roaming\
~ %Desktop% : C:\Users\pierrot\Desktop\
~ %Favorites% : C:\Users\pierrot\Favorites\
~ %LocalAppData% : C:\Users\pierrot\AppData\Local\
~ %StartMenu% : C:\Users\pierrot\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 74 Go)
D: Hard drive, Flash drive, Thumb drive (Free 8 Go of 149 Go)
E: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 9 Go of 75 Go)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)
M: Floppy drive, Flash card reader, USB Key (Not Inserted)
N: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 07:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/31
~ Mes musiques (My Musics) : 1/26
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 2/141
~ Mon Bureau (My Desktop) : 1/4955
~ Menu demarrer (Programs) : 1/78
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1624]
[MD5.D49C6A597814433ED6C3BF7ECF2D27BD] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe [2565520] [PID.372]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.exe [1612920] [PID.2416]
[MD5.5F7EE76129F9A591F22F99F95D97AC95] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016] [PID.2484]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1728]
[MD5.0B692C328AF648AD478A967C21DD7936] - (.Pas de propriétaire - AgentMon Application.) -- G:\ordi Zayan\VTech\DownloadManager\System\AgentMonitor.exe [391040] [PID.2972]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.3236]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\pierrot\AppData\Local\Google\Chrome\Application\chrome.exe [863184] [PID.5336]
[MD5.E9ACE8568F9F906996B16363E9861829] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- G:\Steam\Steam.exe [1823656] [PID.4592]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2696]
[MD5.96D15D600A881779177985166A8F022F] - (.Nicolas Coolman - ZHPDiag Setup.) -- D:\telechargement\ZHPDiag2.exe [6864398] [PID.4184]
[MD5.9E30AB5E3F6B43F69F928E6B4FCFD604] - (.Pas de propriétaire - Setup/Uninstall.) -- C:\Users\pierrot\AppData\Local\Temp\is-53VPH.tmp\ZHPDiag2.tmp [680960] [PID.5144]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.2624]
[MD5.4B9298FD6707980AB8E3A8F0E642EC9A] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [163328] [PID.832]
[MD5.F4E24BB33314593B8AAA269A85045909] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [405504] [PID.1316]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1940]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.2008]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.380]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.720]
[MD5.8C02B0CC65BEE71124A565062BA77B39] - (...) -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064] [PID.1188]
[MD5.F502A4B72524D21C5CA7183E61FB522E] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files\Ralink\Common\RaRegistry.exe [375872] [PID.1744]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.1656]
[MD5.4D09B93F16DA1AA08EB226F9F1AA4D51] - (.VMware, Inc. - VMware USB Arbitration Service.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200] [PID.2060]
[MD5.95EEC9F8FEB9D06872A433F058AB8E60] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\system32\vmnat.exe [432752] [PID.2108]
[MD5.E3DED404ED971CA58DE75F45227F947C] - (.VTech - VTech Service Installer.) -- G:\ordi Zayan\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82344] [PID.2152]
[MD5.82FF155BF3F16AFEF04A26045EFECECF] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\system32\vmnetdhcp.exe [354416] [PID.2184]
[MD5.1B27939FC5B5B697D10BE276A83D3C35] - (.VTech - VTech USB Socket Service.) -- G:\ordi Zayan\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe [183720] [PID.2192]
[MD5.0FC29ADB3F634ED3E535A76395B470B5] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872] [PID.2224]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.4916]
[MD5.6F44F5C0BC6B210FE5F5A1C8D899AD0A] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [77312] [PID.4088]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4576]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google\u00C2 Wallet v.0.0.6.0 (Activé)
~ Google Browser: 11 Legitimates Filtered in 03mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\pierrot\AppData\Roaming\Mozilla\Firefox\Profiles\rh29j0kd.default\prefs.js
C:\Users\pierrot\AppData\Roaming\Mozilla\Firefox\Profiles\zns3e3ac.default\prefs.js
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (.not file.)
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (.not file.)
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 07s
~ Nombre de lignes (Lines number): 26



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Battle.net Setup.) -- C:\Program Files\Battle.net\Battle.net Launcher.exe
O4 - GS\Desktop [Public]: Brutal Legend.lnk . (...) -- G:\Brutal legend\Brutal Legend\BrutalLegend.exe (.not file.)
O4 - GS\Desktop [Public]: Hearthstone.lnk . (.Blizzard Entertainment - Hearthstone Setup.) -- C:\Program Files\Hearthstone\Hearthstone Beta Launcher.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Program [Public]: Brutal Legend.lnk . (...) -- G:\Brutal legend\Brutal Legend\BrutalLegend.exe (.not file.)
O4 - GS\Program [Public]: Chivalry Medieval Warfare.lnk . (...) -- D:\chivalry\Chivalry Medieval Warfare\Binaries\Win32\UDK.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [pierrot]: Easy Audio Cutter.lnk . (...) -- C:\Program Files\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (.not file.)
O4 - GS\QuickLaunch [pierrot]: Free CD Ripper.lnk . (...) -- C:\Program Files\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (.not file.)
O4 - GS\QuickLaunch [pierrot]: Free Mp3 Wma Converter.lnk . (...) -- C:\Program Files\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (.not file.)
O4 - GS\QuickLaunch [pierrot]: KVIrc.lnk . (...) -- C:\Program Files\KVIrc\kvirc.exe (.not file.)
O4 - GS\QuickLaunch [pierrot]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [pierrot]: VMware Player.lnk . (.VMware, Inc. - VMware Player.) -- C:\Program Files\VMware\VMware Player\vmplayer.exe
O4 - GS\TaskBar [pierrot]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\pierrot\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [pierrot]: Minecraft (1).lnk . (...) -- C:\Users\pierrot\Downloads\Minecraft (1).exe
O4 - GS\TaskBar [pierrot]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [pierrot]: SSH, Telnet and Rlogin client.lnk . (...) -- C:\Users\pierrot\Desktop\putty.exe (.not file.)
O4 - GS\TaskBar [pierrot]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\TaskBar [pierrot]: wperl.lnk . (...) -- C:\strawberry\perl\bin\wperl.exe
O4 - GS\Program [pierrot]: Chat-Land messenger.lnk . (...) -- C:\Users\pierrot\chat-land\Chat-Landmessenger.exe (.not file.) =>Hijacker.ChercheUS
O4 - GS\Program [pierrot]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [pierrot]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [pierrot]: Chromium.lnk . (.Escolade Solutions LTD - Oxy.) -- C:\Users\pierrot\AppData\Local\Oxy\Application\oxy.exe
O4 - GS\Desktop [pierrot]: Explor@ Park.lnk . (...) -- G:\ordi Zayan\VTech\DownloadManager\System\AgentMonitor.exe
O4 - GS\Desktop [pierrot]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\pierrot\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [pierrot]: PS3 Media Server.lnk . (.PS3 Media Server - PS3 Media Server.) -- D:\PS3 Media Server\PMS.exe
~ Global Startup: 85 Legitimates Filtered in 00mn 08s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: OpenVPN Client.lnk . (...) -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - Ralink Wireless LAN Card Utility.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AgentMonitor] . (.Pas de propriétaire - AgentMon Application.) -- G:\ordi Zayan\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\pierrot\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- G:\Steam\steam.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2685745190-3337387317-3771212626-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\pierrot\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2685745190-3337387317-3771212626-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-2685745190-3337387317-3771212626-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2685745190-3337387317-3771212626-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2685745190-3337387317-3771212626-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- G:\Steam\steam.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6622DA2-0BF7-4C71-B777-6CD2FAC3EDB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D6622DA2-0BF7-4C71-B777-6CD2FAC3EDB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D6622DA2-0BF7-4C71-B777-6CD2FAC3EDB7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{D6622DA2-0BF7-4C71-B777-6CD2FAC3EDB7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pierrot.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\WinWeb protection\WinWebprotection.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: WinWeb protection (89f7ebe4) . (...) - C:\Program Files\winweb~1\WinWebprotectionSvc.dll (.not file.)
O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) . (...) - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
O23 - Service: VTechUSBSocketService (VTechUSBSocketService) . (.VTech - VTech Service Installer.) - G:\ordi Zayan\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
~ Services: 14 Legitimates Filtered in 01mn 13s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [294]
[MD5.00000000000000000000000000000000] [APT] [{03548914-2CCF-4A4B-8725-9F3FF9C337BF}] (...) -- C:\Users\pierrot\chat-land\UChatLand.exe (.not file.) [0] =>Hijacker.ChercheUS
[MD5.00000000000000000000000000000000] [APT] [{6234AF4E-54E0-482F-83CC-6298D04E2BBA}] (...) -- D:\The Elder Scrolls V Skyrim\TESV.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1DF23F5-235B-4BEA-A8FE-A20796AC0020}] (...) -- C:\Program Files\Claro LTD\claro\1.8.8.5\GUninstaller.exe (.not file.) [0] =>PUP.ClaroSearch
[MD5.00000000000000000000000000000000] [APT] [{FFD168B3-18C3-4B20-84E6-EACF586D3F34}] (...) -- D:\The Elder Scrolls V Skyrim\TESV.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 16s



---\\ Logiciels installés (O42)
O42 - Logiciel: BrowseToSave - (...) [HKLM] -- {F9474663-1411-4529-A7C2-5C3322A46495} =>Adware.Browse2Save
O42 - Logiciel: Brutal Legend version 1 - (...) [HKLM] -- QnJ1dGFsIExlZ2VuZA==_is1
O42 - Logiciel: Eye 110 - (...) [HKLM] -- {C679F9B9-C65D-4C65-BD6C-BF90B859E281}
O42 - Logiciel: No More Room in Hell - (.No More Room in Hell Team.) [HKLM] -- Steam App 224260
O42 - Logiciel: WinWeb protection - (.PlanetCore.) [HKLM] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{89f7ebe4}
~ Logic: 23 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Emtec]
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\Pando Networks]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Dejan0]
[HKLM\Software\Dejan1]
[HKLM\Software\Dejan2]
[HKLM\Software\Dejan3]
[HKLM\Software\Emtec]
[HKLM\Software\IncrediMail]
[HKLM\Software\Nom de votre sociét]
[HKLM\Software\Pando Networks]
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.Mocaflix
[HKLM\Software\Vittalia] =>PUP.Vittalia
~ Key Software: 326 Legitimates Filtered in 00mn 04s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/12/2013 - 23:17:43 - [0] ----D C:\Program Files\BrowseToSave =>Adware.Browse2Save
O43 - CFD: 27/01/2013 - 13:21:44 - [115,946] ----D C:\Program Files\glassfish-3.1.2.2
O43 - CFD: 05/12/2011 - 22:40:18 - [7,134] ----D C:\Program Files\Pando Networks
O43 - CFD: 01/01/2014 - 15:51:18 - [0,002] ----D C:\ProgramData\1409411e1f0bea8e
O43 - CFD: 07/04/2013 - 14:38:00 - [0,025] ----D C:\ProgramData\BBrowsee2sAove =>Adware.Browse2Save
O43 - CFD: 05/10/2013 - 21:46:40 - [4,159] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 01/01/2014 - 15:51:12 - [0,007] ----D C:\ProgramData\ogefojeehnajpbfgfbpligkeieoobjgn
O43 - CFD: 04/01/2014 - 12:47:26 - [0,007] ----D C:\ProgramData\RanedomPricce =>PUP.RandomPrice
O43 - CFD: 04/01/2014 - 12:47:26 - [0,007] ----D C:\ProgramData\SaveLoTs
O43 - CFD: 28/12/2013 - 23:17:58 - [4,360] ----D C:\ProgramData\WinWeb protection
O43 - CFD: 05/01/2014 - 22:07:56 - [0] ----D C:\Users\pierrot\AppData\Roaming\Oxy
O43 - CFD: 25/07/2012 - 12:10:35 - [0] ----D C:\Users\pierrot\AppData\Roaming\Toad Data Modeler Freeware
O43 - CFD: 05/01/2014 - 22:06:01 - [77,768] ----D C:\Users\pierrot\AppData\Local\Oxy
O43 - CFD: 09/04/2013 - 21:57:38 - [0,017] ----D C:\Users\pierrot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio
~ 369 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 628 Legitimates Filtered in 02mn 33s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4AC1E8599B98226A3E98604226A2AD97] - 06/01/2014 - 21:24:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [28288]
O44 - LFC:[MD5.4AC1E8599B98226A3E98604226A2AD97] - 06/01/2014 - 21:24:59 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [28288]
~ Files: 12 Legitimates Filtered in 00mn 10s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.07E13F41252F46B49AA7B41FA78A3EDF] - 06/01/2014 - 10:41:24 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf
O45 - LFCP:[MD5.E32770840B83871549B394B74A34E222] - 06/01/2014 - 20:57:39 ---A- - C:\Windows\Prefetch\RAMEDIASERVER.EXE-EDE1787E.pf
~ Prefetcher: 66 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{93479e9b-ec60-11e2-87f8-00241d93e602}\AutoRun\command. (...) -- H:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{d3852023-e929-11e2-a398-00241d93e602}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Chat-Landmessenger [Key] . (...) -- C:\Users\pierrot\Chat-land\Chat-Landmessenger.exe (.not file.) =>Hijacker.ChercheUS
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.67BAA789B7216F8B2CAC097FBD92F78F] - 22/12/2009 - 12:43:42 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\br_mcu2usb.sys [19968]
O58 - SDL:[MD5.FB38473835476A6FB272215A1D972AF9] - 26/01/2012 - 18:59:24 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [239168]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.9482616A0F87384C5AFB5F34A317BF6C] - 25/10/2007 - 17:31:08 ---A- . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\Drivers\PFC027.SYS [616064]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.A089FA4AF3D36AE69A349627A15BCA4C] - 08/12/2011 - 22:15:40 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [12984]
O58 - SDL:[MD5.8CF6E2AE1707D82E904ECCA68CEF8B87] - 15/12/2011 - 18:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [26624]
O58 - SDL:[MD5.827C8058C284FF0013E4462EFE2591A3] - 03/08/2010 - 16:25:28 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tapoas.sys [26112]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Archived History [57344]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Archived History-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Cookies [26624]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Cookies-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Current Session [817]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Current Tabs [514]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 05/01/2014 - 21:28:38 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Extension State\LOG [0]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Extension State\LOG.old [793]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Extension State\MANIFEST-000002 [172] =>.Google Inc
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Extension State\MANIFEST-001456 [1096] =>.Google Inc
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Favicons [20480]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Favicons-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History [90112]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-05 [36864]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-05-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-11 [36864]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-11-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-12 [36864]
O61 - LFC: 05/01/2014 - 21:28:39 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2013-12-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2014-01 [36864]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Index 2014-01-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History Provider Cache [494]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\History-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Last Session [59]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_djedmhnojidjdlnbidmcolkmkbgmomja_0.localstorage [10240]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_djedmhnojidjdlnbidmcolkmkbgmomja_0.localstorage-journal [10832]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Origin Bound Certs [15360]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Origin Bound Certs-journal [13928]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Preferences [76259]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Session Storage\LOG [316]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Session Storage\LOG.old [361]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Session Storage\MANIFEST-000398 [288] =>.Google Inc
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Top Sites [20480]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Top Sites-journal [12824]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\User StyleSheets\Custom.css [0]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Visited Links [131072]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Web Data [75776]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Default\Web Data-journal [16384]
O61 - LFC: 05/01/2014 - 21:28:40 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Local State [59101]
O61 - LFC: 05/01/2014 - 21:28:41 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 05/01/2014 - 21:28:41 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Chromium\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 05/01/2014 - 21:29:13 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Oxy\Application\First Run [0]
O61 - LFC: 05/01/2014 - 21:30:28 ---A- . (...) -- C:\Users\pierrot\AppData\Roaming\Oxy\config.xml [314]
O61 - LFC: 06/01/2014 - 21:28:42 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [264941]
O61 - LFC: 06/01/2014 - 21:29:04 ---A- . (...) -- C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Local State [62215]
O61 - LFC: 06/01/2014 - 21:30:29 ---A- . (...) -- C:\Users\pierrot\AppData\Roaming\ZHP\Log.txt [15190] =>.Nicolas Coolman
O61 - LFC: 06/01/2014 - 21:30:29 ---A- . (...) -- C:\Users\pierrot\AppData\Roaming\ZHP\TestsZHPDiag.txt [2860] =>.Nicolas Coolman
~ 43 Fichiers temporaires (Temporary files)
~ Files: 961 Legitimates Filtered in 02mn 09s



---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\d3dx9_42.dll:Zone.Identifier
~ ADS: Scanned in 00mn 07s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Chromium.C3DAUQBGZUV6OF7HL7RBKKZDLA> <Chromium>[HKLM\..\Shell\open\Command] (.Escolade Solutions LTD - Oxy.) -- C:\Users\pierrot\AppData\Local\Oxy\Application\oxy.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\pierrot\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_keygenfiles.com_0.localstorage
C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_keygenfiles.com_0.localstorage-journal
C:\Users\pierrot\AppData\Local\Temp\Download_133B\{Hearthstone_Keygen}_Downloader.exe
C:\Users\pierrot\AppData\Local\Temp\{Hearthstone Keygen}Download_3645\{Hearthstone_Keygen}_Downloader.exe
C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_keygenfiles.com_0.localstorage
C:\Users\pierrot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_keygenfiles.com_0.localstorage-journal
C:\Users\pierrot\AppData\Local\Temp\Download_133B\{Hearthstone_Keygen}_Downloader.exe
C:\Users\pierrot\AppData\Local\Temp\{Hearthstone Keygen}Download_3645\{Hearthstone_Keygen}_Downloader.exe
~ Files: Scanned in 02mn 13s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FE106A2F4D67EE4B677AB6B8FA18CF40] [SPRF][22/03/2013] (...) -- C:\Users\pierrot\AppData\Local\Temp\instloffer.exe [196336]
[MD5.9F4A92C7E3DDD525BC6624E0233C31E7] [SPRF][05/01/2014] (.Amônétízé Ltd - Installer.) -- C:\Users\pierrot\AppData\Local\Temp\setup.exe [337448]
[MD5.3433CDC9B6A08060F555A26F571CB128] [SPRF][05/01/2014] (...) -- C:\Users\pierrot\AppData\Local\Temp\tmp4E1B.exe [72232]
[MD5.A9F2EEA910CD28E2FD7A30341A5063C6] [SPRF][05/01/2014] (.FINEDREAM INVEST LTD - Oxy Setup.) -- C:\Users\pierrot\AppData\Local\Temp\tmp5E97.exe [46105760]
[MD5.3433CDC9B6A08060F555A26F571CB128] [SPRF][05/01/2014] (...) -- C:\Users\pierrot\AppData\Local\Temp\tmp8218.exe [72232]
[MD5.3433CDC9B6A08060F555A26F571CB128] [SPRF][05/01/2014] (...) -- C:\Users\pierrot\AppData\Local\Temp\tmp981A.exe [72232]
[MD5.3433CDC9B6A08060F555A26F571CB128] [SPRF][05/01/2014] (...) -- C:\Users\pierrot\AppData\Local\Temp\tmpAE2B.exe [72232]
[MD5.BD408CE142B9E7703D96D026FA1D9D20] [SPRF][27/09/2013] (...) -- C:\Users\pierrot\Desktop\HearthStone Beta Key Generator.exe [483027]
~ Files: 21 Legitimates Filtered in 00mn 02s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{99C6260B-CFA4-433F-A990-EBC6248B963B}C:\program files\kvirc\kvirc.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\kvirc\kvirc.exe (.not file.)
O87 - FAEL: "UDP Query User{356ED937-A04F-4BAA-A791-64DAFE5B402A}C:\program files\kvirc\kvirc.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\kvirc\kvirc.exe (.not file.)
O87 - FAEL: "TCP Query User{1130423F-A4AF-4B93-8445-7C2226F64AF7}C:\windows\kmsemulator.exe" | In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "UDP Query User{9963DC49-DF46-4A8A-9441-B5EE7D9F171C}C:\windows\kmsemulator.exe" | In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "{679BF84A-5315-4CF5-BEE8-C0646E8C8213}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{F4E92E99-A9D5-4740-9F11-5C86FC99D64C}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{4679F6F0-7385-47FA-A9AB-4CFBA010F704}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{0C827E6A-FEC8-4211-8625-88462E158910}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{765D8A24-0BB4-43FF-8E93-E65C0E2AF8D2}" | In - Private - P6 - TRUE | .(...) -- C:\Users\pierrot\AppData\Local\Oxy\Application\bin\oxy-downloader.exe
O87 - FAEL: "{28EAA537-B500-4AE7-8240-827354406E4D}" | In - Private - P17 - TRUE | .(...) -- C:\Users\pierrot\AppData\Local\Oxy\Application\bin\oxy-downloader.exe
~ Firewall: 273 Legitimates Filtered in 00mn 03s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "F264C71DDFB641017B5D7A4B0894CA7F" . (.Strawberry Perl.) -- C:\Windows\Installer\{D17C462F-6BFD-1014-B7D5-A7B48049ACF7}\i_main_ico
~ Update Products: 91 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0EDDB0D2B3A3AF5BE400253B3E587D51] [WIS][06/02/2013] (.strawberryperl.com project - Perl for Win32 operating systems..) -- C:\Windows\Installer\16569.msi [65978368]
[MD5.F75F288EF3F562C1CB20596906F8C8E8] [WIS][06/11/2012] (.OpenVPN Technologies - OpenVPN Client.) -- C:\Windows\Installer\26750ae.msi [16289280]
~ WIS: 93 Legitimates Filtered in 00mn 20s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 04/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 21/01/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 15/12/2011 14848 | (OpenVPNService) . (...) - C:\Program Files\OpenVPN\bin\openvpnserv.exe
SS - | Demand 18/08/2011 625728 | (RaMediaServer) . (...) - C:\Program Files\Ralink\Common\RaMediaServer.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 06/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 23/06/2013 22016 | (wampapache) . (.Apache Software Foundation.) - G:\DEV\wamp\bin\apache\apache2.4.4\bin\httpd.exe
SS - | Demand 23/06/2013 10923520 | (wampmysqld) . (...) - G:\DEV\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe

SR - | Auto 10/07/1658 0 | (89f7ebe4) . (...) - C:\Program Files\winweb~1\WinWebprotectionSvc.dll
SR - | Auto 09/03/2012 163328 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 12/08/2010 24064 | (OpenVPNAccessClient) . (...) - C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
SR - | Auto 31/03/2011 375872 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 22/08/2011 79872 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files\VMware\VMware Player\vmware-authd.exe
SR - | Auto 22/08/2011 354416 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 21/08/2011 665200 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
SR - | Auto 22/08/2011 432752 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 07/05/2012 82344 | (VTechUSBSocketService) . (.VTech.) - G:\ordi Zayan\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 23s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by pierrot at 06/01/2014 21:33:35

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F9474663-1411-4529-A7C2-5C3322A46495}] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Chat-Landmessenger] =>Hijacker.ChercheUS^
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
C:\Program Files\BrowseToSave =>Adware.Browse2Save^
C:\ProgramData\BBrowsee2sAove =>Adware.Browse2Save^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\RanedomPricce =>PUP.RandomPrice^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Vittalia] =>PUP.Vittalia^
C:\Users\pierrot\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 361749 Items scanned in 01mn 33s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26609108-hijacker-chercheus =>Hijacker.ChercheUS
~ http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/40325236-pup-randomprice =>PUP.RandomPrice
~ http://nicolascoolman.webs.com/apps/blog/show/27350807-adware-recordnrip =>Adware.RecordNRip
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/39592164-hijacker-windows =>Hijacker.Windows
~ MSI: 14 link(s) detected in 01mn 34s



~ 2651 Legitimates filtered by white list
End of the scan (679 lines in 15mn 38s)(8)


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x86
Ran by pierrot on 07/01/2014 at 20:48:28,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2685745190-3337387317-3771212626-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2685745190-3337387317-3771212626-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
0
Faeris Posts 748 Registration date Friday 30 October 2009 Status Member Last seen 29 June 2014 155
7 Jan. 2014 at 21:19
I had asked you to run the tools in this order:

1- ADWCleaner
2- JRT
3- ZHPDiag

Because you redid the ZHPDiag scan before the others, which amounts to reusing the first one you gave me at the start. :)
0