Virus
Fermé
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
-
16 févr. 2014 à 17:57
ArnaudLy6 Messages postés 4412 Date d'inscription samedi 22 mai 2010 Statut Membre Dernière intervention 13 février 2016 - 16 févr. 2014 à 22:52
ArnaudLy6 Messages postés 4412 Date d'inscription samedi 22 mai 2010 Statut Membre Dernière intervention 13 février 2016 - 16 févr. 2014 à 22:52
A voir également:
- Virus
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Virus mcafee - Accueil - Piratage
- Faux message virus ordinateur - Accueil - Arnaque
- Faux message virus iphone ✓ - Forum Virus
11 réponses
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 18:06
16 févr. 2014 à 18:06
Salut,
Télécharge AdwCleaner : https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/#q=adwcleaner&cur=1&url=%2F
Ensuite suis ces étapes :
- Lance le logiciel
- Clique sur "Scanner"
- Une fois le scan terminé, clique sur "Nettoyer"
- Le logiciel va redémarrer ton ordinateur
- Une fois ta session ouverte, tu devrais avoir un rapport de nettoyage
- Colle ce rapport dans ton prochain message
Télécharge AdwCleaner : https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/#q=adwcleaner&cur=1&url=%2F
Ensuite suis ces étapes :
- Lance le logiciel
- Clique sur "Scanner"
- Une fois le scan terminé, clique sur "Nettoyer"
- Le logiciel va redémarrer ton ordinateur
- Une fois ta session ouverte, tu devrais avoir un rapport de nettoyage
- Colle ce rapport dans ton prochain message
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 18:22
16 févr. 2014 à 18:22
# AdwCleaner v3.018 - Rapport créé le 16/02/2014 à 18:19:56
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : Cyrille - MAISON
# Exécuté depuis : C:\Users\Cyrille\Downloads\adwcleaner.exe
# Option : Scanner
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Google Chrome v32.0.1700.107
[ Fichier : C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8228 octets] - [10/02/2014 22:58:56]
AdwCleaner[R10].txt - [1961 octets] - [15/02/2014 23:35:43]
AdwCleaner[R11].txt - [761 octets] - [16/02/2014 18:19:56]
AdwCleaner[R1].txt - [1235 octets] - [10/02/2014 23:30:04]
AdwCleaner[R2].txt - [2130 octets] - [13/02/2014 18:16:02]
AdwCleaner[R3].txt - [1229 octets] - [13/02/2014 18:20:12]
AdwCleaner[R4].txt - [1349 octets] - [13/02/2014 18:24:59]
AdwCleaner[R5].txt - [1470 octets] - [13/02/2014 18:29:05]
AdwCleaner[R6].txt - [1590 octets] - [13/02/2014 18:32:13]
AdwCleaner[R7].txt - [1710 octets] - [13/02/2014 18:38:31]
AdwCleaner[R8].txt - [2867 octets] - [13/02/2014 22:49:30]
AdwCleaner[R9].txt - [1930 octets] - [13/02/2014 23:08:40]
AdwCleaner[S0].txt - [7866 octets] - [10/02/2014 22:59:23]
AdwCleaner[S1].txt - [1254 octets] - [10/02/2014 23:30:33]
AdwCleaner[S2].txt - [1951 octets] - [13/02/2014 18:17:15]
AdwCleaner[S3].txt - [1246 octets] - [13/02/2014 18:21:01]
AdwCleaner[S4].txt - [1366 octets] - [13/02/2014 18:25:32]
AdwCleaner[S5].txt - [1486 octets] - [13/02/2014 18:29:46]
AdwCleaner[S6].txt - [1606 octets] - [13/02/2014 18:32:43]
AdwCleaner[S7].txt - [2785 octets] - [13/02/2014 22:50:02]
AdwCleaner[S8].txt - [1947 octets] - [13/02/2014 23:09:00]
AdwCleaner[S9].txt - [2023 octets] - [15/02/2014 23:36:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [1961 octets] ##########
voici le rapport comme demandé
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 8 (64 bits)
# Nom d'utilisateur : Cyrille - MAISON
# Exécuté depuis : C:\Users\Cyrille\Downloads\adwcleaner.exe
# Option : Scanner
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Google Chrome v32.0.1700.107
[ Fichier : C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8228 octets] - [10/02/2014 22:58:56]
AdwCleaner[R10].txt - [1961 octets] - [15/02/2014 23:35:43]
AdwCleaner[R11].txt - [761 octets] - [16/02/2014 18:19:56]
AdwCleaner[R1].txt - [1235 octets] - [10/02/2014 23:30:04]
AdwCleaner[R2].txt - [2130 octets] - [13/02/2014 18:16:02]
AdwCleaner[R3].txt - [1229 octets] - [13/02/2014 18:20:12]
AdwCleaner[R4].txt - [1349 octets] - [13/02/2014 18:24:59]
AdwCleaner[R5].txt - [1470 octets] - [13/02/2014 18:29:05]
AdwCleaner[R6].txt - [1590 octets] - [13/02/2014 18:32:13]
AdwCleaner[R7].txt - [1710 octets] - [13/02/2014 18:38:31]
AdwCleaner[R8].txt - [2867 octets] - [13/02/2014 22:49:30]
AdwCleaner[R9].txt - [1930 octets] - [13/02/2014 23:08:40]
AdwCleaner[S0].txt - [7866 octets] - [10/02/2014 22:59:23]
AdwCleaner[S1].txt - [1254 octets] - [10/02/2014 23:30:33]
AdwCleaner[S2].txt - [1951 octets] - [13/02/2014 18:17:15]
AdwCleaner[S3].txt - [1246 octets] - [13/02/2014 18:21:01]
AdwCleaner[S4].txt - [1366 octets] - [13/02/2014 18:25:32]
AdwCleaner[S5].txt - [1486 octets] - [13/02/2014 18:29:46]
AdwCleaner[S6].txt - [1606 octets] - [13/02/2014 18:32:43]
AdwCleaner[S7].txt - [2785 octets] - [13/02/2014 22:50:02]
AdwCleaner[S8].txt - [1947 octets] - [13/02/2014 23:09:00]
AdwCleaner[S9].txt - [2023 octets] - [15/02/2014 23:36:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [1961 octets] ##########
voici le rapport comme demandé
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 18:26
16 févr. 2014 à 18:26
Télécharge Malwarebytes Anti-Malware : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
- Lance-le
- Clique sur l'onglet "mise à jour"
- Clique ensuite sur " Rechercher des mises à jour"
- Va dans l'onglet "Paramètres"
- Va dans le sous-onglet "Paramètres d'examen"
- Choisis pour les lignes Action pour[...](PUP) et Action pour[...](PUM) Afficher dans les résultats, pré-coché pour supression
- Retourne dans l'onglet "Recherche"
- Sélectionne " Exécuter un examen complet"
- Clique sur "Rechercher"
- Attends la fin de l'analyse
- Une fois l'analyse terminée, clique sur "afficher les résultats"
- Coche tous les éléments détectés
- Enfin, clique sur "supprimer la sélection"
- L'ordinateur devrait ensuite redémarrer
Une fois que ton ordinateur a redémarré, relance Malwarebytes Anti-Malware et cette fois-ci rends toi dans l'onglet "Rapports/Logs",
ouvre le rapport le plus récent et copie tout ce qu'il contient dans ton prochain message.
- Lance-le
- Clique sur l'onglet "mise à jour"
- Clique ensuite sur " Rechercher des mises à jour"
- Va dans l'onglet "Paramètres"
- Va dans le sous-onglet "Paramètres d'examen"
- Choisis pour les lignes Action pour[...](PUP) et Action pour[...](PUM) Afficher dans les résultats, pré-coché pour supression
- Retourne dans l'onglet "Recherche"
- Sélectionne " Exécuter un examen complet"
- Clique sur "Rechercher"
- Attends la fin de l'analyse
- Une fois l'analyse terminée, clique sur "afficher les résultats"
- Coche tous les éléments détectés
- Enfin, clique sur "supprimer la sélection"
- L'ordinateur devrait ensuite redémarrer
Une fois que ton ordinateur a redémarré, relance Malwarebytes Anti-Malware et cette fois-ci rends toi dans l'onglet "Rapports/Logs",
ouvre le rapport le plus récent et copie tout ce qu'il contient dans ton prochain message.
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 19:31
16 févr. 2014 à 19:31
voici le rapport, mais Boxore est toujours présent
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2014.02.16.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Cyrille :: MAISON [administrateur]
Protection: Désactivé
16/02/2014 18:36:28
mbam-log-2014-02-16 (18-36-28).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 404152
Temps écoulé: 43 minute(s), 34 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 1
C:\Users\Cyrille\AppData\Local\Temp\ICReinstall_7z922.exe (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.
(fin)
Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2014.02.16.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Cyrille :: MAISON [administrateur]
Protection: Désactivé
16/02/2014 18:36:28
mbam-log-2014-02-16 (18-36-28).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 404152
Temps écoulé: 43 minute(s), 34 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 1
C:\Users\Cyrille\AppData\Local\Temp\ICReinstall_7z922.exe (PUP.Optional.InstallCore.A) -> Mis en quarantaine et supprimé avec succès.
(fin)
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 19:46
16 févr. 2014 à 19:46
- Télécharge ZHPDiag : https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/#q=zhp+idag&cur=1&url=%2F
- Lance-le (icone avec un parchemin)
- Clique sur "Configurer"
- Clique sur la loupe avec un +
- Attends la fin de l'analyse
- Une fois l'analyse terminée, un fichier bloc note devrait se créer sur ton bureau (il devrait s'appeler ZHPDiag)
- Rends-toi sur ce site : https://www.cjoint.com/
- Clique sur "Choisir un fichier" et choisis le bloc note ZHPDiag qui est sur ton bureau
- Dans le type de diffusion choisis "Privée"
- Dans le champ "Pour quelle durée" choisis 4 jours
- Remplis ensuite la suite du formulaire
- Enfin, donne-nous le lien du fichier que tu viens de mettre sur le site
- Lance-le (icone avec un parchemin)
- Clique sur "Configurer"
- Clique sur la loupe avec un +
- Attends la fin de l'analyse
- Une fois l'analyse terminée, un fichier bloc note devrait se créer sur ton bureau (il devrait s'appeler ZHPDiag)
- Rends-toi sur ce site : https://www.cjoint.com/
- Clique sur "Choisir un fichier" et choisis le bloc note ZHPDiag qui est sur ton bureau
- Dans le type de diffusion choisis "Privée"
- Dans le champ "Pour quelle durée" choisis 4 jours
- Remplis ensuite la suite du formulaire
- Enfin, donne-nous le lien du fichier que tu viens de mettre sur le site
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 20:12
16 févr. 2014 à 20:12
je n'arrives pas à avoir le lien du fichier mais j'ai copier l'ensemble de l'analyse
~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Lancé par Cyrille (16/02/2014 19:52:38)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16798
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : HFPMG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8084 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 844 GB (93%) free of 906 GB
---\\ Mode de connexion au système
~ Computer Name: MAISON
~ User Name: Cyrille
~ All Users Names: Cyrille, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
~ %Desktop% : C:\Users\Cyrille\Desktop\
~ %Favorites% : C:\Users\Cyrille\Favorites\
~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/188
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
[MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
[MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
[MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
[MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
[MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2037
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
~ Global Startup: 51 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s
---\\ Logiciels installés (O42)
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
~ Logic: 45 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\PMU]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 257 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 127 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
~ Files: 288 Legitimates Filtered in 00mn 08s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
~ Prefetcher: 226 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 03s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
~ 93 Fichiers temporaires (Temporary files)
~ Files: 1288 Legitimates Filtered in 00mn 17s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 242 Legitimates Filtered in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
~ Update Products: 102 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 08s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Cyrille at 16/02/2014 19:54:48
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Cyrille at 16/02/2014 19:54:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 255989 Items scanned in 00mn 11s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 14 link(s) detected in 00mn 11s
~ 2707 Legitimates filtered by white list
End of the scan (600 lines in 02mn 23s)(0)
~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Lancé par Cyrille (16/02/2014 19:52:38)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16798
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : HFPMG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8084 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 844 GB (93%) free of 906 GB
---\\ Mode de connexion au système
~ Computer Name: MAISON
~ User Name: Cyrille
~ All Users Names: Cyrille, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
~ %Desktop% : C:\Users\Cyrille\Desktop\
~ %Favorites% : C:\Users\Cyrille\Favorites\
~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/188
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
[MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
[MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
[MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
[MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
[MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2037
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
~ Global Startup: 51 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s
---\\ Logiciels installés (O42)
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
~ Logic: 45 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\PMU]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 257 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 127 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
~ Files: 288 Legitimates Filtered in 00mn 08s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
~ Prefetcher: 226 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 03s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
~ 93 Fichiers temporaires (Temporary files)
~ Files: 1288 Legitimates Filtered in 00mn 17s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 242 Legitimates Filtered in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
~ Update Products: 102 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 08s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Cyrille at 16/02/2014 19:54:48
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Cyrille at 16/02/2014 19:54:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 255989 Items scanned in 00mn 11s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 14 link(s) detected in 00mn 11s
~ 2707 Legitimates filtered by white list
End of the scan (600 lines in 02mn 23s)(0)
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 20:24
16 févr. 2014 à 20:24
~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Lancé par Cyrille (16/02/2014 19:52:38)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16798
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : HFPMG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8084 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 844 GB (93%) free of 906 GB
---\\ Mode de connexion au système
~ Computer Name: MAISON
~ User Name: Cyrille
~ All Users Names: Cyrille, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
~ %Desktop% : C:\Users\Cyrille\Desktop\
~ %Favorites% : C:\Users\Cyrille\Favorites\
~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/188
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
[MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
[MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
[MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
[MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
[MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2037
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
~ Global Startup: 51 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s
---\\ Logiciels installés (O42)
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
~ Logic: 45 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\PMU]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 257 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 127 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
~ Files: 288 Legitimates Filtered in 00mn 08s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
~ Prefetcher: 226 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 03s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
~ 93 Fichiers temporaires (Temporary files)
~ Files: 1288 Legitimates Filtered in 00mn 17s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 242 Legitimates Filtered in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
~ Update Products: 102 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 08s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Cyrille at 16/02/2014 19:54:48
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Cyrille at 16/02/2014 19:54:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 255989 Items scanned in 00mn 11s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 14 link(s) detected in 00mn 11s
~ 2707 Legitimates filtered by white list
End of the scan (600 lines in 02mn 23s)(0)
~ Lancé par Cyrille (16/02/2014 19:52:38)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16798
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : HFPMG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8084 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 844 GB (93%) free of 906 GB
---\\ Mode de connexion au système
~ Computer Name: MAISON
~ User Name: Cyrille
~ All Users Names: Cyrille, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cyrille\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cyrille\AppData\Roaming\
~ %Desktop% : C:\Users\Cyrille\Desktop\
~ %Favorites% : C:\Users\Cyrille\Favorites\
~ %LocalAppData% : C:\Users\Cyrille\AppData\Local\
~ %StartMenu% : C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 844 Go of 906 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/02/2014 - 10:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/06/2013 - 04:23:30.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/06/2013 - 04:07:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.20/06/2013 - 04:40:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/06/2013 - 04:43:45.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/188
~ Mon Bureau (My Desktop) : 1/7
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3024]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2284]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.2884]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3268]
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4976]
[MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.4324]
[MD5.E2043ABD9E13E1B7BF74B1D05E15AA47] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4764]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.4556]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.492]
[MD5.21CBCE4FC4B7916E7755710883C36AE1] - (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832] [PID.4204]
[MD5.528F404CB22A7EA85795E2315BE4F482] - (.Pas de propriétaire - Rugbyrama (NO).) -- C:\Program Files\WindowsApps\25979Thitony.RugbyramaNO_1.0.0.7_neutral__c1x5g03cap1dy\Rugbyrama (NO).exe [84480] [PID.1800]
[MD5.5CCF60E8557F42D6494ACE11144E16C3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.5388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2037
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Desktop [Public]: HP Games.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Desktop [Public]: HP Quick Start.lnk . (.Hewlett-Packard - HP Quick Start.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\QuickLaunch [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\QuickLaunch [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\TaskBar [Cyrille]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\Desktop [Cyrille]: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
~ Global Startup: 51 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files (x86)\Microsoft Office\Office10\OSA.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-3276696279-3461742331-3328500945-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Cyrille\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{09E1F296-EF97-4D90-8443-367ACFAE5404}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C542D77A-2D55-4C56-AD89-FA27835B7762}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{EDBF8529-BDB9-4C04-A4B1-96048C7B9374}] (...) -- C:\Program Files (x86)\click-n-mark-5\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s
---\\ Logiciels installés (O42)
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
O42 - Logiciel: BringStar - (.BringStar.) [HKLM][64Bits] -- BringStar
O42 - Logiciel: OEM Application Profile - (.Nom de votre société.) [HKLM][64Bits] -- {C89A97B6-F991-EBB5-77B7-927BCF420EBE}
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
~ Logic: 45 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\PMU]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 257 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:49:24 - [0,003] ----D C:\Users\Cyrille\AppData\Roaming\PMU
O43 - CFD: 08/02/2014 - 18:43:48 - [0] ----D C:\Users\Cyrille\AppData\Roaming\wam
O43 - CFD: 08/02/2014 - 18:43:49 - [0,628] ----D C:\Users\Cyrille\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 127 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17DC3AD4488BD77E7DB50E5BB23D8CD4] - 08/02/2014 - 18:31:05 ---A- . (...) -- C:\Windows\System32\RaCoInst.log [2662]
O44 - LFC:[MD5.A828B9E8BBD15782F87F870ADC3B36C5] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\DPINST.LOG [13678]
O44 - LFC:[MD5.E7BB47C90A87171B229275636599A404] - 10/02/2014 - 21:52:37 ---A- . (...) -- C:\Windows\Synaptics.log [1332]
O44 - LFC:[MD5.0C81219B850B76C608F845EE8DF8F8E4] - 10/02/2014 - 22:48:55 ---A- . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [8]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 10/02/2014 - 22:49:15 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [445929]
O44 - LFC:[MD5.4B916278E1487A5CD5F8F9A521980026] - 12/02/2014 - 00:29:51 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385614]
O44 - LFC:[MD5.F548B91C5BEE2FB054D4EFF2E48308F6] - 12/02/2014 - 20:17:44 ---A- . (...) -- C:\Windows\IE10_main.log [1998]
O44 - LFC:[MD5.E50972DF270BE239ABE99A6FEC24EB88] - 15/02/2014 - 12:13:45 ---A- . (...) -- C:\Windows\win.ini [188]
O44 - LFC:[MD5.B06A2FFC4503DFF01BAD161F37FFE0F9] - 15/02/2014 - 12:13:53 ---A- . (...) -- C:\Windows\ODBC.INI [382]
O44 - LFC:[MD5.59BC44F885368AF507A359C4054289A9] - 15/02/2014 - 21:00:06 ---A- . (...) -- C:\Windows\DtcInstall.log [5499]
O44 - LFC:[MD5.97E1CD22CCEAA8F8EEDD93B277E11C34] - 15/02/2014 - 21:00:09 ---A- . (...) -- C:\Windows\iis.log [12507]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:13 ---A- . (...) -- C:\Windows\diagerr.xml [22863]
O44 - LFC:[MD5.050C668A459D689E7C033DBCA4417642] - 15/02/2014 - 21:01:15 ---A- . (...) -- C:\Windows\diagwrn.xml [22863]
O44 - LFC:[MD5.704E305631A922F923C6261AC535DF9B] - 15/02/2014 - 22:02:27 ---A- . (...) -- C:\Windows\comsetup.log [6574]
O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 15/02/2014 - 23:23:14 ---A- . (...) -- C:\Windows\0 [32]
~ Files: 288 Legitimates Filtered in 00mn 08s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.39EE9CFE54A00BA7D511ABE8C6C55DE8] - 09/02/2014 - 16:12:07 ---A- - C:\Windows\Prefetch\GROOVESTREAM.EXE-9A5570A8.pf
O45 - LFCP:[MD5.D7880E4305A30BC0CBDDD8C853503A7A] - 09/02/2014 - 17:12:06 ---A- - C:\Windows\Prefetch\HPNETWORKCHECK.EXE-1B1BFCC5.pf
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.29B6EB28C0CC0A2898583299012520FF] - 10/02/2014 - 19:39:38 ---A- - C:\Windows\Prefetch\MOUNTVOL.EXE-84487FEE.pf
O45 - LFCP:[MD5.4640A51D59ED7401C4043CB261312EF8] - 11/02/2014 - 23:52:54 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
O45 - LFCP:[MD5.80AB3E312122B7045F93AF3AB72F62F9] - 12/02/2014 - 13:26:09 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-F9CF7E6E.pf
O45 - LFCP:[MD5.05456697E1E97978F4F1371E8714D0F7] - 12/02/2014 - 13:49:11 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.43CB099DE9ECC8B739669C8784DC3B65] - 12/02/2014 - 20:17:44 ---A- - C:\Windows\Prefetch\INTERNET-EXPLORER-10_INTERNET-4D180290.pf
O45 - LFCP:[MD5.ADB994BAEBB196F333D08FAAF0CAD741] - 13/02/2014 - 18:41:11 ---A- - C:\Windows\Prefetch\SETUP (1).EXE-0EB61499.pf
O45 - LFCP:[MD5.7DD855852DA8FD7114899580FD79F342] - 13/02/2014 - 18:44:50 ---A- - C:\Windows\Prefetch\ENHANCETRONICSETUP_20131220.E-6DE78913.pf
O45 - LFCP:[MD5.EF40C6C8CD52C893C478C41F78EB0986] - 13/02/2014 - 19:43:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A4CED936.pf
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.62D28861F01AF256E14AED0C562BA3E8] - 15/02/2014 - 11:41:56 ---A- - C:\Windows\Prefetch\PREDM.TMP-8C2D42D4.pf
O45 - LFCP:[MD5.DAC12829421BE2858F4B056FF010AD43] - 15/02/2014 - 13:00:30 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-CEA0AABB.pf
O45 - LFCP:[MD5.F5002AFF71679992FBC1956F7F511039] - 15/02/2014 - 13:00:42 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-55154128.pf
O45 - LFCP:[MD5.AA9176ACB9EA8A2F21546D9B26B7C4B3] - 15/02/2014 - 14:03:47 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-31CA2EBF.pf
O45 - LFCP:[MD5.4F37154B9BA7F04B3F4AB2C0557DDDA8] - 15/02/2014 - 14:17:49 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.526614A1EF1197DAF75045A214D1448A] - 15/02/2014 - 14:41:24 ---A- - C:\Windows\Prefetch\SP60497.EXE-B10C74AB.pf
O45 - LFCP:[MD5.06A7D803EF48B87C37414FAC0DE7F336] - 15/02/2014 - 14:44:32 ---A- - C:\Windows\Prefetch\WINDOWS8-UPGRADEASSISTANT.EXE-1610A0E4.pf
O45 - LFCP:[MD5.3732F9416D508F82519158752A76320C] - 15/02/2014 - 14:44:36 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-3BD0A795.pf
O45 - LFCP:[MD5.EE4BC758D18977641F68058BEAF330DD] - 15/02/2014 - 14:51:23 ---A- - C:\Windows\Prefetch\SP61291 (2).EXE-584218AF.pf
O45 - LFCP:[MD5.E3BEDB11F83E8DAD36CFAF1C06236962] - 15/02/2014 - 15:07:02 ---A- - C:\Windows\Prefetch\POWERSHELL.EXE-022A1004.pf
O45 - LFCP:[MD5.98D8AAA5672DE2D242430889F03F135A] - 15/02/2014 - 15:13:10 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT (1).E-AFC38493.pf
O45 - LFCP:[MD5.5A322FD59A45DD83CDCCCECE453F5756] - 15/02/2014 - 15:13:15 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-C61D8530.pf
O45 - LFCP:[MD5.B6D04697D2428555B92BACB6CA19F671] - 15/02/2014 - 15:13:46 ---A- - C:\Windows\Prefetch\WINDOWSUPGRADEASSISTANT.EXE-423C1BD1.pf
O45 - LFCP:[MD5.ADDC59F5F6A22464ED0AD43795F500B7] - 15/02/2014 - 15:13:49 ---A- - C:\Windows\Prefetch\WEBPREP.EXE-2D064BE2.pf
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O45 - LFCP:[MD5.CC8CC2D845588D1ED3D1DBA65B3668EA] - 15/02/2014 - 23:52:40 ---A- - C:\Windows\Prefetch\WINAMAX POKER.EXE-C751BD0F.pf
O45 - LFCP:[MD5.3953641177439C25DED0D9DE4DB0B0DD] - 16/02/2014 - 00:48:46 ---A- - C:\Windows\Prefetch\SETF530.TMP-F86418B4.pf
O45 - LFCP:[MD5.F1889784179C4B29057D7E30CFEB2EAA] - 16/02/2014 - 00:48:56 ---A- - C:\Windows\Prefetch\SMARTINSTALLER.EXE-E3FA3FF7.pf
O45 - LFCP:[MD5.C9EE4AF51EE127B4A4458813A9D68C90] - 16/02/2014 - 01:34:52 ---A- - C:\Windows\Prefetch\PMU.EXE-2FA80D2C.pf
O45 - LFCP:[MD5.ABE57ADFA1FB0AB473F391302B3133D1] - 16/02/2014 - 01:51:49 ---A- - C:\Windows\Prefetch\PROFLWIZ.EXE-74F77E33.pf
O45 - LFCP:[MD5.B6B0D27D3120F568928816C0412C296E] - 16/02/2014 - 02:01:58 ---A- - C:\Windows\Prefetch\MSTORE.EXE-F16BBCEC.pf
O45 - LFCP:[MD5.59AF060AE951686BF9A86B8ECFCC96DA] - 16/02/2014 - 11:25:10 ---A- - C:\Windows\Prefetch\ADR.EXE-94AD225A.pf
O45 - LFCP:[MD5.6F03F1FB53560FCC844C6638142F26A2] - 16/02/2014 - 15:26:20 ---A- - C:\Windows\Prefetch\ICREINSTALL_7Z922.EXE-E32D93BA.pf
O45 - LFCP:[MD5.7B2ABC058215B0B707446933228A3EEB] - 16/02/2014 - 15:40:55 ---A- - C:\Windows\Prefetch\7Z922.EXE-9A06AAF8.pf
O45 - LFCP:[MD5.D99D97662C363D6AD8C453F62CEB3375] - 16/02/2014 - 18:02:00 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-53416568.pf
O45 - LFCP:[MD5.DE33B5ECAD17B5EDCBDC50FAB32C332C] - 16/02/2014 - 18:04:00 ---A- - C:\Windows\Prefetch\SMRTADPTR.EXE-9A49AE8F.pf
O45 - LFCP:[MD5.42422FD2ADA1AC69FD2D1E1DE2AD9F25] - 16/02/2014 - 19:25:44 ---A- - C:\Windows\Prefetch\OLRSTATECHECK.EXE-89EE9D3C.pf
O45 - LFCP:[MD5.2D97FAD4D0A361716004A300938483BE] - 16/02/2014 - 19:25:50 ---A- - C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 - LFCP:[MD5.73665ACCDE909778E296166DBA0CCBD0] - 16/02/2014 - 19:27:49 ---A- - C:\Windows\Prefetch\MMAMAIN.EXE-09634970.pf
O45 - LFCP:[MD5.EA3E93222D57123029897EC173269E57] - 16/02/2014 - 19:39:36 ---A- - C:\Windows\Prefetch\RUGBYRAMA (NO).EXE-4F3CF53E.pf
~ Prefetcher: 226 Legitimates Filtered in 00mn 02s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 13/02/2014 - 19:44:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 03s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_element.js.content [2385]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar Cache\7.5.4805.320\fr\translate_languages.json.content [2033]
O61 - LFC: 13/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Toolbar DNS data\data [89]
O61 - LFC: 13/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\HOSTS.txt [118694] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\GROUP_ICON\1000 [146]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\1.ico [1662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\10.ico [1150]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\2.ico [766]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\3.ico [318]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\4.ico [3774]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\5.ico [2238]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\6.ico [1406]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\7 [47646]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\8.ico [9662]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\ICON\9.ico [4286]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\0\VERSION\1 [848]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1001 [3226]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1002 [3183]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1003 [3175]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1004 [3179]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1005 [3193]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1006 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1007 [3174]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1008 [3199]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1009 [3191]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1010 [3188]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1011 [3230]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1012 [3233]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1021 [2944]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1022 [2938]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1023 [2956]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1024 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1025 [2943]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1026 [2916]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1027 [2930]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1028 [2926]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1029 [2941]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1030 [2934]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1031 [2945]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1029\FILE\1032 [2911]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\avast_free_antivirus_setup\.rsrc\1033\MANIFEST\1 [1100]
O61 - LFC: 13/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Links\SkyDrive.lnk [651]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Forms\RefEdit.exd [15428]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Modèles\Normal.dot [30720]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Épreuve\PERSO.DIC [5]
O61 - LFC: 15/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1.html [29030]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_1_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8.html [27446]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReports.css [1938]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Assistant Mise à niveau de Windows 8_fichiers\SetupReportsLoc.css [4571]
O61 - LFC: 15/02/2014 - 19:54:13 ---A- . (...) -- C:\Users\Cyrille\Documents\Bluetooth\Share\Bluetooth_Default.vcf [50]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272730]
O61 - LFC: 16/02/2014 - 19:53:57 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 16/02/2014 - 19:54:01 ---A- . (...) -- C:\Users\Cyrille\AppData\Local\Google\Chrome\User Data\Local State [59844]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\Offic10.MGC [148512]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Clip Organizer\mstore10.mgc [197688]
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\Log.txt [99139] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\TestsZHPDiag.txt [2820] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPDiag.txt [33599] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt [625] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt [826] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:12 ---A- . (...) -- C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt [907] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\7z922.exe [1138397]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup (1).exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\PMUPokerSetup.exe [786304]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\adwcleaner.exe [1166132]
O61 - LFC: 16/02/2014 - 19:54:14 ---A- . (...) -- C:\Users\Cyrille\Downloads\powarc61.exe [2137581]
~ 93 Fichiers temporaires (Temporary files)
~ Files: 1288 Legitimates Filtered in 00mn 17s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C1B64D8E-BB88-4BE3-B26D-54F3AA606E7E}" | Out - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{A59E292A-3546-4D84-AD99-44E0B9E485D5}" | In - None - P6 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 242 Legitimates Filtered in 00mn 00s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
~ Update Products: 102 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/03/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 20/06/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 26/02/2013 241152 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2013 1706744 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 01/11/2013 145656 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 19/08/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 10/04/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 14/01/2013 131032 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/02/2013 239176 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 08s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Cyrille at 16/02/2014 19:54:48
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Cyrille at 16/02/2014 19:54:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
~ Additionnel Scan: 255989 Items scanned in 00mn 11s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers
~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9
~ http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/38533684-pup-bizzybolt =>PUP.Bizzybolt
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 14 link(s) detected in 00mn 11s
~ 2707 Legitimates filtered by white list
End of the scan (600 lines in 02mn 23s)(0)
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 20:27
16 févr. 2014 à 20:27
J'ai finalement trouvé le lien https://www.cjoint.com/?3Bquuz5x4Rr
merci pour votre patiente
merci pour votre patiente
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 21:25
16 févr. 2014 à 21:25
Voici les étapes à suivre :
- Vide complètement ta corbeille
- En suite lance cette fois-ci ZhpFix (clique droit et "Exécuter en tant qu'Administrateur"
- Clique sur "Importer'
- Et colle ça :
Script ZHPFix
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
EmptyTemp
SysRestore
- Clique sur Go en bas à gauche
- Confirme le nettoyage
- Et accepte le "vidage de corbeille"
- Colle le rapport de nettoyage obtenu
ATTENTION : ce script ne doit pas être utilisé par un autre ordinateur
- Vide complètement ta corbeille
- En suite lance cette fois-ci ZhpFix (clique droit et "Exécuter en tant qu'Administrateur"
- Clique sur "Importer'
- Et colle ça :
Script ZHPFix
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
O4 - GS\QuickLaunch [Cyrille]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - GS\TaskBar [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>Hijacker.Browsers
O4 - GS\Program [Cyrille]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_78] Clé orpheline =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (.not file.) =>PUP.BrowserSafeguard
[MD5.00000000000000000000000000000000] [APT] [{725D67D8-CCFA-4DB9-86C9-DEB07C659333}] (...) -- C:\Program Files (x86)\Desk 365\eUninstall.exe (.not file.) [0] =>Hijacker.22Find
O42 - Logiciel: Bizzybolt - (.Bizzybolt.) [HKLM][64Bits] -- Bizzybolt =>PUP.Bizzybolt
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
O43 - CFD: 16/02/2014 - 00:27:54 - [0] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 13/02/2014 - 19:03:40 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 08/02/2014 - 18:50:11 - [0,002] ----D C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
O45 - LFCP:[MD5.D3D2A93AC881E46C01AD2CEBCAC55F29] - 10/02/2014 - 19:07:49 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-ACD94D17.pf =>Adware.Lollipop
O45 - LFCP:[MD5.21F0E975D50C66F244EB85440C975BE7] - 15/02/2014 - 11:34:49 ---A- - C:\Windows\Prefetch\UPFST_FR_78.EXE-8E04742E.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.70F3002EA4CF6FB7C0D872A06F043135] - 15/02/2014 - 15:19:19 ---A- - C:\Windows\Prefetch\UNINSTALL.BROWSERSAFEGUARD.EX-2C228AF7.pf =>PUP.BrowserSafeguard
O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\Windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt] =>PUP.Bizzybolt^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422512282}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_78 =>PUA.FSTfr9^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
EmptyTemp
SysRestore
- Clique sur Go en bas à gauche
- Confirme le nettoyage
- Et accepte le "vidage de corbeille"
- Colle le rapport de nettoyage obtenu
ATTENTION : ce script ne doit pas être utilisé par un autre ordinateur
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 22:19
16 févr. 2014 à 22:19
voici le nouveau rapport
Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
Fichier d'export Registre :
Run by Cyrille at 16/02/2014 22:16:40
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Corbeille vidée (00mn 30s)
========== Logiciels ==========
SUPPRIMÉ: Boxore Client
========== Clés du Registre ==========
SUPPRIMÉ: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}]
SUPPRIMÉ: HKLM\Software\Wow6432Node\Wpm
SUPPRIMÉ: HKLM\Software\Wow6432Node\supTab
SUPPRIMÉ: HKLM\Software\Wow6432Node\supWPM
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
SUPPRIMÉ:* HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: fst_fr_78
SUPPRIMÉ RunValue: BrowserSafeguard
========== Eléments de donnée du Registre ==========
SUPPRIMÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
SUPPRIMÉ: R1 Search Page =
========== Dossiers ==========
SUPPRIMÉ: C:\Program Files (x86)\SupTab
SUPPRIMÉ: C:\ProgramData\WPM
SUPPRIMÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
SUPPRIMÉS Temporaires Windows (83)
========== Fichiers ==========
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.google.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
SUPPRIMÉ: c:\windows\prefetch\lollipop.exe-acd94d17.pf
SUPPRIMÉ: c:\windows\prefetch\upfst_fr_78.exe-8e04742e.pf
SUPPRIMÉ: c:\windows\prefetch\uninstall.browsersafeguard.ex-2c228af7.pf
SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log
SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log
SUPPRIMÉS Temporaires Windows (520) (259 097 997 octets)
========== Tache planifiée ==========
SUPPRIMÉ: {725D67D8-CCFA-4DB9-86C9-DEB07C659333}
========== Restauration Système ==========
Point de restauration du système créé avec succès
========== Récapitulatif ==========
13 : Clés du Registre
2 : Valeurs du Registre
2 : Eléments de donnée du Registre
4 : Dossiers
12 : Fichiers
1 : Logiciels
1 : Tache planifiée
1 : Restauration Système
End of clean in 33mn 21s
========== Chemin de fichier rapport ==========
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/02/2014 13:24:36 [625]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/02/2014 13:25:09 [826]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt - 16/02/2014 13:25:24 [907]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R4].txt - 16/02/2014 22:17:11 [4037]
Rapport de ZHPFix 2014.2.12.2 par Nicolas Coolman, Update du 12/02/2014
Fichier d'export Registre :
Run by Cyrille at 16/02/2014 22:16:40
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Corbeille vidée (00mn 30s)
========== Logiciels ==========
SUPPRIMÉ: Boxore Client
========== Clés du Registre ==========
SUPPRIMÉ: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}]
SUPPRIMÉ: HKLM\Software\Wow6432Node\Wpm
SUPPRIMÉ: HKLM\Software\Wow6432Node\supTab
SUPPRIMÉ: HKLM\Software\Wow6432Node\supWPM
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\8DFFC309FB5815A4A8D6B4BBAC43A6E6]
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bizzybolt
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
SUPPRIMÉ:* HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422512282}
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC
========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: fst_fr_78
SUPPRIMÉ RunValue: BrowserSafeguard
========== Eléments de donnée du Registre ==========
SUPPRIMÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
SUPPRIMÉ: R1 Search Page =
========== Dossiers ==========
SUPPRIMÉ: C:\Program Files (x86)\SupTab
SUPPRIMÉ: C:\ProgramData\WPM
SUPPRIMÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
SUPPRIMÉS Temporaires Windows (83)
========== Fichiers ==========
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.google.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
SUPPRIMÉ: c:\users\cyrille\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRÉÉ: C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
SUPPRIMÉ: c:\windows\prefetch\lollipop.exe-acd94d17.pf
SUPPRIMÉ: c:\windows\prefetch\upfst_fr_78.exe-8e04742e.pf
SUPPRIMÉ: c:\windows\prefetch\uninstall.browsersafeguard.ex-2c228af7.pf
SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller1.log
SUPPRIMÉ: C:\Users\Cyrille\AppData\Local\Temp\GoogleToolbarInstaller2.log
SUPPRIMÉS Temporaires Windows (520) (259 097 997 octets)
========== Tache planifiée ==========
SUPPRIMÉ: {725D67D8-CCFA-4DB9-86C9-DEB07C659333}
========== Restauration Système ==========
Point de restauration du système créé avec succès
========== Récapitulatif ==========
13 : Clés du Registre
2 : Valeurs du Registre
2 : Eléments de donnée du Registre
4 : Dossiers
12 : Fichiers
1 : Logiciels
1 : Tache planifiée
1 : Restauration Système
End of clean in 33mn 21s
========== Chemin de fichier rapport ==========
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/02/2014 13:24:36 [625]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/02/2014 13:25:09 [826]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R3].txt - 16/02/2014 13:25:24 [907]
C:\Users\Cyrille\AppData\Roaming\ZHP\ZHPFix[R4].txt - 16/02/2014 22:17:11 [4037]
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 22:27
16 févr. 2014 à 22:27
Comment va ton pc ?
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 22:39
16 févr. 2014 à 22:39
très bien, je ne te remercierai jamais assez, tu m' as rendu un très grand service.
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 22:46
16 févr. 2014 à 22:46
Je t'en prie !
Je te propose de finaliser le nettoyage demain avec la supression des logiciels utilisés ;)
Je te propose de finaliser le nettoyage demain avec la supression des logiciels utilisés ;)
ASBH95
Messages postés
61
Date d'inscription
dimanche 16 février 2014
Statut
Membre
Dernière intervention
8 mai 2017
16 févr. 2014 à 22:49
16 févr. 2014 à 22:49
ok et bonne soirée à toi
ArnaudLy6
Messages postés
4412
Date d'inscription
samedi 22 mai 2010
Statut
Membre
Dernière intervention
13 février 2016
189
16 févr. 2014 à 22:52
16 févr. 2014 à 22:52
Merci, bonne soirée à toi aussi ;)
16 févr. 2014 à 18:23