How to remove Feven Pro

Solved/Closed
Rayker, edited by Rayker on 28/02/2014 at 17:08
Rayker, 3 March 2014 at 16:55
Hello,

I want to uninstall Feven Pro.
I tried with AdwCleaner, but (I don't know why) it doesn't work

84 replies

Rayker, 1 March 2014 at 14:42
Um, do I delete the files it found?

I can't get to Cjoint.com
lilidurhone (security contributor), 1 March 2014 at 14:48
Yes, that's normal for cjoint, they've been hacked.
Post it directly here :)
Rayker, 1 March 2014 at 14:51
Yes, but how do I send it here?

PS: Sorry, I've only just signed up
lilidurhone, 1 March 2014 at 14:52
Copy and paste :^)
Rayker, 1 March 2014 at 14:57
Ah... I was thinking of an attachment ....

So here is the report:
RogueKiller V8.8.10 [Feb 28 2014] par Adlice Software
mail : https://www.adlice.com/contact/
Remontees : https://forum.adlice.com/
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : BEN-HASSEN [Droits d'admin]
Mode : Recherche -- Date : 03/01/2014 14:38:29
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤
[V2][SUSP PATH] BoxSoftwareUpdate : "C:\ProgramData\BoxUpdChk\updchk.exe" [x] -> TROUVÉ
[V2][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [7] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS +++++
--- User ---
[MBR] fe53ccf42f0ca3c13a08a817937ba599
[BSP] f8422884458fb97a72cefbafd766848e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 939635 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924579328 | Size: 14132 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bce847dfc1f87f28f13491e7ceb245f2
[BSP] ec04aec60bfdc9fe21e71cbc577b06a0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Termine : << RKreport[0]_S_03012014_143829.txt >>
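As an added example (not code from this thread, nor Adlice's own tooling), a small Python parser for the RogueKiller report format posted above: it splits the `¤¤¤` sections, collects the `-> TROUVÉ` findings, records the MBR copy comparison (`User != LL2 ... KO!`), and triages the `[PUM]` policy entries so that the two values which switch UAC off stand out from the rest. The embedded report is a constructed excerpt modelled on the one above, and the severity labels are the example's own, not RogueKiller's.

```python
"""Parser and triage helper for RogueKiller V8 text reports like the ones in this thread."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the shape of the report posted above (abbreviated).
SAMPLE_REPORT = r"""RogueKiller V8.8.10 [Feb 28 2014] par Adlice Software

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] BoxSoftwareUpdate : "C:\ProgramData\BoxUpdChk\updchk.exe" [x] -> TROUVÉ

¤¤¤ MBR Verif: ¤¤¤
--- User ---
User = LL1 ... OK!
User != LL2 ... KO!
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*(?::\s*(?P<count>\d+))?\s*¤¤¤\s*$")
FINDING_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.+?)\s*->\s*TROUV[ÉE]\s*$")
MBR_RE = re.compile(r"^User\s*(?P<op>!=|=)\s*(?P<copy>LL\d)\s*\.\.\.\s*(?P<verdict>OK|KO)!\s*$")
VALUE_RE = re.compile(r"(\w+)\s*\((\d+)\)\s*$")

# Policy values the report tags [PUM]; 0 here means UAC is off (EnableLUA) or
# elevates without prompting (ConsentPromptBehaviorAdmin).
UAC_OFF_VALUES = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}


@dataclass
class Finding:
    section: str
    tags: list
    body: str
    severity: str = "info"
    note: str = ""


@dataclass
class Report:
    sections: dict = field(default_factory=dict)   # section name -> declared count or None
    findings: list = field(default_factory=list)
    mbr_checks: list = field(default_factory=list)  # (backup copy, "OK"/"KO")

    @property
    def mbr_consistent(self):
        """True only if the live MBR matched every backup copy RogueKiller compared it to."""
        return bool(self.mbr_checks) and all(v == "OK" for _, v in self.mbr_checks)


def triage(finding):
    """Severity labels are this example's own, not RogueKiller's."""
    if "PUM" in finding.tags:
        m = VALUE_RE.search(finding.body)
        if m and UAC_OFF_VALUES.get(m.group(1)) == m.group(2):
            return "high", f"{m.group(1)}={m.group(2)}: UAC protection switched off"
        if m and m.group(1) == "DisableTaskMgr" and m.group(2) == "0":
            return "info", "DisableTaskMgr=0: key exists but Task Manager is not disabled"
        return "medium", "policy or desktop value differs from the default"
    if "SUSP PATH" in finding.tags:
        return "medium", "scheduled task runs a binary from an unusual location"
    return "low", "review manually"


def parse_report(text):
    rep = Report()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").rstrip(": ")
            rep.sections[current] = int(m.group("count")) if m.group("count") else None
            continue
        m = FINDING_RE.match(line)
        if m and current:
            f = Finding(current, re.findall(r"\[([^\]]+)\]", m.group("tags")), m.group("body"))
            f.severity, f.note = triage(f)
            rep.findings.append(f)
            continue
        m = MBR_RE.match(line)
        if m:
            rep.mbr_checks.append((m.group("copy"), m.group("verdict")))
    return rep


def count_mismatches(rep):
    """Sections whose declared count differs from what was parsed: a parser gap or an edited report."""
    found = {}
    for f in rep.findings:
        found[f.section] = found.get(f.section, 0) + 1
    return {name: (n, found.get(name, 0)) for name, n in rep.sections.items()
            if n is not None and n != found.get(name, 0)}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for f in report.findings:
        print(f"[{f.severity}] {f.section}: {f.body} ({f.note})")
    print("MBR consistent:", report.mbr_consistent, "| count mismatches:", count_mismatches(report))
```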
lilidurhone, 1 March 2014 at 15:02
* Quit all your running programs

* On Vista/Seven, right-click -> run as administrator

* Otherwise, simply launch RogueKiller.exe

* Wait for the pre-scan to finish, then click Scan

* Check that all the items are ticked, then click Delete

* Post the RKreport.txt report that is on the desktop.
Rayker, 1 March 2014 at 15:07
RogueKiller V8.8.10 [Feb 28 2014] par Adlice Software
mail : https://www.adlice.com/contact/
Remontees : https://forum.adlice.com/
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : BEN-HASSEN [Droits d'admin]
Mode : Recherche -- Date : 03/01/2014 15:05:31
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS +++++
--- User ---
[MBR] fe53ccf42f0ca3c13a08a817937ba599
[BSP] f8422884458fb97a72cefbafd766848e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 939635 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1924579328 | Size: 14132 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] bce847dfc1f87f28f13491e7ceb245f2
[BSP] ec04aec60bfdc9fe21e71cbc577b06a0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Termine : << RKreport[0]_S_03012014_150531.txt >>
RKreport[0]_D_03012014_145815.txt;RKreport[0]_S_03012014_143829.txt;RKreport[0]_S_03012014_150237.txt
Rayker, 1 March 2014 at 15:07
I've quit everything
lilidurhone, 1 March 2014 at 15:10
Try adwcleaner again
Rayker, 1 March 2014 at 15:14
Still the same message.... :( I suppose I'll have to reformat the PC?
lilidurhone, 1 March 2014 at 15:16
No, we'll do it differently: redo a zhpdiag (host it on pjoint)
Rayker, 1 March 2014 at 15:21
What do you mean, host it on pjoint?
lilidurhone, 1 March 2014 at 15:22
Since cjoint has been hacked, you host it on pjoint
Rayker, 1 March 2014 at 15:52
~ Rapport de ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Lancé par BEN-HASSEN (01/03/2014 15:48:54)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.02 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6126 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 478 GB (52%) free of 918 GB

---\\ Mode de connexion au système
~ Computer Name: BEN-HASSEN-HP
~ User Name: BEN-HASSEN
~ All Users Names: HomeGroupUser$, BEN-HASSEN, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\BEN-HASSEN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\BEN-HASSEN\AppData\Roaming\
~ %Desktop% : C:\Users\BEN-HASSEN\Desktop\
~ %Favorites% : C:\Users\BEN-HASSEN\Favorites\
~ %LocalAppData% : C:\Users\BEN-HASSEN\AppData\Local\
~ %StartMenu% : C:\Users\BEN-HASSEN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 478 Go of 918 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/351
~ Mes musiques (My Musics) : 15/18
~ Mes Videos (My Videos) : 1/737
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 5/6642
~ Mon Bureau (My Desktop) : 3/6089
~ Menu demarrer (Programs) : 1/61
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.4848]
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock\RocketDock.exe [495616] [PID.4744]
[MD5.143A396C5A8A4288787AC4628D70C0AC] - (.Pas de propriétaire - MSIAfterburner.) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [364544] [PID.5172]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.3228]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6756]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.4396]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.5296]
[MD5.091549EB1CDC5FE9CC68EE5D5AD14C6A] - (.Microsoft Corporation - LifeTray.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe [95088] [PID.816]
[MD5.78366318920DE90DAC3B68A75176595A] - (.Microsoft Corporation - LifeEnC2.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe [245248] [PID.2884]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3572]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1540]
[MD5.3B5DA02DEA6910A709F19180746FF0CE] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [113704] [PID.1924]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2756]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\BEN-HASSEN\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\BEN-HASSEN\AppData\Roaming\Mozilla\Firefox\Profiles\hf7xt0se.default-1393358102261\prefs.js
M3 - MFPP: Plugins - [BEN-HASSEN] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fcmdSrch.xml =>Adware.Facemoods
M2 - MFEP: prefs.js [BEN-HASSEN - hf7xt0se.default-1393358102261\d43e4d33-1c9f-4167-9600-b4929087f116@3cc778fb-659e-4988-abd4-592fc6b8806a.com] [] Feven Pro 1.1 v (..) =>PUP.CrossRider
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\BEN-HASSEN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 33 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Gameforge Live.lnk . (...) -- C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Overwolf.lnk . (...) -- C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
O4 - GS\Desktop [Public]: Pipix.lnk . (...) -- C:\Program Files (x86)\Pipix\Pipix-3.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Program [Public]: Garantie.lnk . (...) -- C:\swsetup\HP Documentation\Warranty\Warranty.pdf
O4 - GS\Program [Public]: IDT HD Audio.lnk . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\idtcpl64.cpl
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [BEN-HASSEN]: GameSpy Comrade.lnk . (.IGN Entertainment Inc. - Comrade.) -- C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
O4 - GS\QuickLaunch [BEN-HASSEN]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe https://www.google.com/?gws_rd=ssl =>PUP.SweetPage
O4 - GS\QuickLaunch [BEN-HASSEN]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [BEN-HASSEN]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\TaskBar [BEN-HASSEN]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [BEN-HASSEN]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [BEN-HASSEN]: Play IW4M (Modern Warfare 2).lnk . (...) -- C:\Users\BEN-HASSEN\AppData\Local\IW4M\LaunchIW4M.exe
O4 - GS\SystemTools [BEN-HASSEN]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [BEN-HASSEN]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [BEN-HASSEN]: HotlineMiami - Raccourci.lnk . (...) -- C:\Users\BEN-HASSEN\Nouveau dossier\Hotline Miami - CONSPIRE + OST 320kbps\Hotline Miami - CONSPIRE\HotlineMiami.exe
O4 - GS\Desktop [BEN-HASSEN]: NosTale.lnk . (...) -- C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe
O4 - GS\Desktop [BEN-HASSEN]: VoidLauncher.lnk . (...) -- C:\VoidLauncher\Start.exe
~ Global Startup: 79 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [VX1000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\BEN-HASSEN\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Overwolf] . (.Overwolf LTD - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKCU\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [NVIDIA nTune] . (...) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock\RocketDock.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\BEN-HASSEN\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [Overwolf] . (.Overwolf LTD - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [Speech Recognition] . (.Microsoft Corporation - Reconnaissance vocale.) -- C:\Windows\Speech\Common\sapisvr.exe
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [NVIDIA nTune] . (...) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
O4 - HKUS\S-1-5-21-2894785028-1612920849-2863218824-1001\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock\RocketDock.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC604267-1222-4911-9ED6-9870352945EB}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{FC604267-1222-4911-9ED6-9870352945EB}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{FC604267-1222-4911-9ED6-9870352945EB}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{01627200-9BC6-4351-A890-CF42E531F36F}] (...) -- C:\Users\BEN-HASSEN\AppData\Local\Temp\{83E258B2-0013-4414-B073-3E1847F59BD9}\adobeshockwavextrabundle.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{12309EF0-3EC2-4474-9AEF-8F07643498E3}] (...) -- C:\Users\BEN-HASSEN\Sony Online Entertainment\Installed Games\Uninstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{16AAD7FB-5A9A-4EAD-B96F-4B91E0BA3DD9}] (...) -- C:\Users\BEN-HASSEN\Downloads\mp240svst64100ea24.exe (.not file.) [0]
[MD5.A84E9B43CE0428942153D5D49CE78D52] [APT] [{2AADD10F-AF56-44A8-B059-5AE3726DEB22}] (...) -- C:\Users\BEN-HASSEN\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe [602568]
[MD5.00000000000000000000000000000000] [APT] [{2E772EED-279D-4B1E-8FB6-79313D4537EA}] (...) -- C:\Users\BEN-HASSEN\Desktop\PactifyLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{30427BFA-C330-4778-9315-63EB3B4A832B}] (...) -- C:\Users\BEN-HASSEN\Downloads\Minecraft DayZ MOD BETA 1.4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{415E15BA-E5D9-4821-BB23-4440B21638F9}] (...) -- C:\Program Files (x86)\FTdownloader V4.0\Uninstall.exe (.not file.) [0] =>Adware.Downware
[MD5.13B5AC21FBB034F727841143CB904F15] [APT] [{42AD3D88-C73C-4E6E-8EE6-2EFA9D790901}] (...) -- C:\VoidLauncher\Start.exe [1813298]
[MD5.00000000000000000000000000000000] [APT] [{44ECE8E1-5DC8-458D-A10C-DBB45D449B6A}] (...) -- C:\Users\BEN-HASSEN\AppData\Local\Temp\ubi7AFA.tmp.exe (.not file.) [0]
[MD5.13B5AC21FBB034F727841143CB904F15] [APT] [{46548499-B6A9-4EE5-B609-52F5186CC8A2}] (...) -- C:\VoidLauncher\Start.exe [1813298]
[MD5.00000000000000000000000000000000] [APT] [{6FB2027C-ABEC-41DC-BC17-7FD098D8DEC0}] (...) -- C:\Users\BEN-HASSEN\Downloads\call_of_duty_4_modern_warfare_mise_a_jour_depuis_v1.6_multi-langues_247528.exe (.not file.) [0]
[MD5.13B5AC21FBB034F727841143CB904F15] [APT] [{849B734D-F084-4074-B53A-1023F43566FD}] (...) -- C:\VoidLauncher\Start.exe [1813298]
[MD5.00000000000000000000000000000000] [APT] [{8A9F595C-0D23-42DA-AC52-69FC73A46082}] (...) -- C:\Users\BEN-HASSEN\Downloads\MPSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C06FDDCA-4830-42E9-A0BF-C02BB527E972}] (...) -- J:\instmsiw.exe (.not file.) [0]
[MD5.13B5AC21FBB034F727841143CB904F15] [APT] [{C491C0D5-E837-4490-B83B-A0005FEA4E99}] (...) -- C:\VoidLauncher\Start.exe [1813298]
[MD5.00000000000000000000000000000000] [APT] [{CE8ED6B1-57CA-48B5-9C26-762212067BFC}] (...) -- L:\setup.exe (.not file.) [0]
[MD5.13B5AC21FBB034F727841143CB904F15] [APT] [{DB26F8DC-D53B-4EFF-856C-3BF14B4E8ECE}] (...) -- C:\VoidLauncher\Start.exe [1813298]
[MD5.00000000000000000000000000000000] [APT] [{DCC0E273-CDFE-4719-9832-33A87F364DE1}] (...) -- C:\Program Files (x86)\Steam\steam.exe (.not file.) [0]
~ Scheduled Task: 42 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (...) [HKLM][64Bits] -- Akamai
O42 - Logiciel: CFX Sphere Utilities-64 for After Effects - (...) [HKLM][64Bits] -- CFX Sphere Utilities-64 for After Effects
O42 - Logiciel: FTdownloader V4.0 - (.installdaddy.) [HKLM][64Bits] -- FTdownloader V4.0 =>Adware.Downware
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
~ Logic: 33 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Badguys]
[HKCU\Software\Cr_Installer] =>PUP.CrossRider
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\MX Simulator Demo]
[HKCU\Software\Pando Networks]
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
[HKCU\Software\WM Converter]
[HKCU\Software\Wif2]
[HKCU\Software\incredibar.com] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Incredibar.com] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\NetmarbleSteam]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Shortcut_Module]
~ Key Software: 600 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/08/2013 - 17:20:01 - [0] ----D C:\Program Files (x86)\ContinueToSave =>PUP.OfferWare
O43 - CFD: 16/08/2013 - 16:49:52 - [73,709] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 30/08/2013 - 17:20:01 - [0] ----D C:\Program Files (x86)\WebSearch
O43 - CFD: 31/03/2012 - 20:37:33 - [0,235] ----D C:\Program Files (x86)\WMR11
O43 - CFD: 16/11/2013 - 10:30:16 - [0] ----D C:\ProgramData\APN
O43 - CFD: 16/02/2013 - 13:52:09 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 26/02/2014 - 12:26:41 - [0] ----D C:\ProgramData\BoxUpdChk =>Adware.Boxore
O43 - CFD: 26/02/2014 - 12:26:41 - [0,018] ----D C:\ProgramData\conotiNuetosave =>PUP.OfferWare
O43 - CFD: 28/03/2012 - 19:21:23 - [0] ----D C:\ProgramData\Premium
O43 - CFD: 13/11/2012 - 08:41:50 - [34,961] ----D C:\ProgramData\~Browser Manager
O43 - CFD: 09/02/2014 - 18:08:08 - [277,841] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.aethericcrusade
O43 - CFD: 09/02/2014 - 18:08:06 - [0,093] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.beta-jurassiccraft
O43 - CFD: 09/02/2014 - 18:08:07 - [325,186] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.beta-pokepack
O43 - CFD: 23/05/2013 - 12:09:47 - [0] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.craft-your-kingdom
O43 - CFD: 09/02/2014 - 18:08:11 - [200,727] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.crazycraft
O43 - CFD: 09/02/2014 - 18:08:08 - [0,019] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.electriciansjourney
O43 - CFD: 09/02/2014 - 18:08:06 - [356,933] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.fellowship
O43 - CFD: 12/01/2013 - 12:50:49 - [60,501] ----D C:\Users\BEN-HASSEN\AppData\Roaming\.hankacraft
O43 - CFD: 19/05/2013 - 18:47:18 - [0] ----D C:\Users\BEN-HASSEN\AppData\Roaming\RWBYTE
O43 - CFD: 16/02/2013 - 18:25:59 - [0,001] --H-D C:\Users\BEN-HASSEN\AppData\Local\azkY5ox04XObm6n
O43 - CFD: 16/02/2013 - 18:26:00 - [0] --HAD C:\Users\BEN-HASSEN\AppData\Local\KpxiyoHQjnOiBRA
O43 - CFD: 25/06/2011 - 19:26:56 - [0,840] ----D C:\Users\BEN-HASSEN\AppData\Local\MX Simulator Demo
O43 - CFD: 21/08/2013 - 15:18:32 - [0,940] ----D C:\Users\BEN-HASSEN\AppData\Local\PokerStars.FR
O43 - CFD: 13/07/2013 - 17:44:55 - [0,001] ----D C:\Users\BEN-HASSEN\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 16/02/2013 - 18:26:00 - [0] --HAD C:\Users\BEN-HASSEN\AppData\Local\WzcYtAttQwVXi
O43 - CFD: 16/08/2013 - 15:28:19 - [0,003] ----D C:\Users\BEN-HASSEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR
~ 242 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 629 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B84D24E02B84762A1BDD4019F600CB7A] - 01/03/2014 - 11:32:58 ---A- . (...) -- C:\Shortcut_Module.txt [57185]
O44 - LFC:[MD5.694AA9EB9313C17BCB51728A7C10C28F] - 01/03/2014 - 14:01:53 ---A- . (...) -- C:\Windows\IE11_main.log [33977]
O44 - LFC:[MD5.6ADD912DEB640795FC70A3B506A0D639] - 21/02/2014 - 18:26:06 ---A- . (...) -- C:\img2-001.raw [921624]
O44 - LFC:[MD5.119E6FAE1E76910627924BE9C5445ED8] - 26/02/2014 - 09:11:58 ---A- . (...) -- C:\Windows\ntbtlog.txt [240484]
~ Files: 19 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F0AC8D132C39CBFACCB0AD05A32AC046] - 01/03/2014 - 10:41:22 ---A- - C:\Windows\Prefetch\OVERWOLF.EXE-6DBA8B01.pf
O45 - LFCP:[MD5.57420B12B70FCDA476DFE655777DD09E] - 01/03/2014 - 10:42:12 ---A- - C:\Windows\Prefetch\OVERWOLFHELPER64.EXE-51E79EC3.pf
O45 - LFCP:[MD5.7C90EA79A7B16620568B8D1D3193B44F] - 01/03/2014 - 15:14:56 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
O45 - LFCP:[MD5.6E364F6492F33CFCA5E844A28177969B] - 01/03/2014 - 15:43:13 ---A- - C:\Windows\Prefetch\LIFETRAY.EXE-150E350C.pf
O45 - LFCP:[MD5.FE10139250958A84443508D5918C9194] - 01/03/2014 - 15:43:15 ---A- - C:\Windows\Prefetch\LIFEENC2.EXE-563D1C0C.pf
O45 - LFCP:[MD5.4A96E9F5932D277802F3FB787700EA34] - 12/02/2014 - 21:28:19 ---A- - C:\Windows\Prefetch\NVNETWORKSERVICE.EXE-00F8A2B7.pf
O45 - LFCP:[MD5.3448FF785D8ABD753ADD462F2B8F4F2F] - 28/02/2014 - 16:17:27 ---A- - C:\Windows\Prefetch\DAO.17931561.EXE-E4514DB9.pf
O45 - LFCP:[MD5.A38B2A712D0B58AF47ECB3133E22C861] - 28/02/2014 - 19:22:54 ---A- - C:\Windows\Prefetch\NVTMRU.EXE-231A7003.pf
O45 - LFCP:[MD5.A39A5D2AD64166485E46FCD9643D92CB] - 28/02/2014 - 23:26:55 ---A- - C:\Windows\Prefetch\NVBACKEND.EXE-00368064.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{41f30083-d71d-11e2-acda-e069958c8553}\AutoRun\command. (...) -- F:\Launch.exe (.not file.)
O51 - MPSK:{5f08d70c-7be4-11e1-92c6-e069958c8553}\AutoRun\command. (...) -- J:\Launch.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\EA Core [Key] . (...) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 15/01/2014 - 18:25:55 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 15/01/2014 - 18:25:57 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.FC0E8778C000291CAF60EB88C011E931] - 23/12/2012 - 21:51:44 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
O58 - SDL:[MD5.A398ED024F739E7BE74ECFFA8A713A89] - 01/03/2010 - 23:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cpqdfw.sys [24376]
O58 - SDL:[MD5.10FB0FF62AF6262BF88E3607E2AE2A69] - 01/03/2010 - 23:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
O58 - SDL:[MD5.DEF365F0F6E017888C4B869D3BA4B8E0] - 30/07/2010 - 06:51:52 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x64).) -- C:\Windows\System32\Drivers\dgderdrv.sys [20552]
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 01/04/2012 - 11:24:54 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.156AB2E56DC3CA0B582E3362E07CDED7] - 23/12/2012 - 21:51:44 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
O58 - SDL:[MD5.734C5DD3E851BBA6B024BEFCAD02844A] - 18/09/2013 - 02:47:32 ---A- . (.Windows (R) Win 7 DDK provider - Maelstrom VAD Audio driver.) -- C:\Windows\System32\Drivers\RzMaelstromVAD.sys [40696]
O58 - SDL:[MD5.DFC4E2081324E505CA479E473A78D893] - 01/04/2012 - 11:20:01 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:[MD5.C692C94FE55CAD0633440236022C27B3] - 19/09/2012 - 10:02:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104]
O58 - SDL:[MD5.58C89A89D4AF0288DCF432EC0B358438] - 19/09/2012 - 10:02:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [203104]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.DCC8845692DEA3477BCF6CE9D06C711F] - 09/06/2011 - 18:35:04 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [528384]
O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 24/06/2010 - 14:00:14 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16392]
O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 24/06/2010 - 14:00:14 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392]
~ Drivers: 21 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/03/2014 - 15:49:25 ---A- . (...) -- C:\Users\BEN-HASSEN\AppData\Roaming\ZHP\Log.txt [219018] =>.Nicolas Coolman
O61 - LFC: 01/03/2014 - 15:49:25 ---A- . (...) -- C:\Users\BEN-HASSEN\AppData\Roaming\ZHP\TestsZHPDiag.txt [2982] =>.Nicolas Coolman
O61 - LFC: 01/03/2014 - 15:49:25 ---A- . (...) -- C:\Users\BEN-HASSEN\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 01/03/2014 - 15:49:27 ---A- . (...) -- C:\Users\BEN-HASSEN\Downloads\RogueKiller.exe [3819008]
O61 - LFC: 01/03/2014 - 15:49:27 ---A- . (...) -- C:\Users\BEN-HASSEN\Downloads\adwcleaner.exe [1244192]
O61 - LFC: 28/02/2014 - 15:49:25 ---A- . (...) -- C:\Users\BEN-HASSEN\AppData\Roaming\ZHP\ZHPDiag.txt [84422] =>.Nicolas Coolman
~ 14 Fichiers temporaires (Temporary files)
~ Files: 358 Legitimates Filtered in 00mn 09s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/05/2010 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (RTCore64) .(...) - LEGACY_RTCORE64
~ Legacy: 118 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Beamrise.XZO2W3ZJ7C4GRBWPB2J4EW7IBU> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\BEN-HASSEN\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [BEN-HASSEN - hf7xt0se.default-1393358102261] user_pref("extensions.crossrider.bic", "1446d3ce8945fd3dd0bcd26902829a4c"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - https://uk.ask.com
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - https://mystart.incredibar.com/ =>Adware.IncrediBar
O69 - SBI: SearchScopes [HKCU] {d944bb61-2e34-4dbf-a683-47e505c587dc} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - https://search.sweetim.com/ =>PUP.SweetIM
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\BEN-HASSEN\AppData\Roaming\uTorrent\Minecraft_Cracked_1.7.3.rar.torrent =>P2P.µTorrent
C:\Users\BEN-HASSEN\AppData\Roaming\uTorrent\The Elder Scrolls V Skyrim Dawnguard - FULL CRACKED - DLC - UPDATED.rar.torrent =>P2P.µTorrent
C:\Users\BEN-HASSEN\Nouveau dossier\Pack_Cracker_toute_PSP_pour_les_Nuls.rar
C:\Users\BEN-HASSEN\AppData\Roaming\uTorrent\Minecraft_Cracked_1.7.3.rar.torrent =>P2P.µTorrent
C:\Users\BEN-HASSEN\AppData\Roaming\uTorrent\The Elder Scrolls V Skyrim Dawnguard - FULL CRACKED - DLC - UPDATED.rar.torrent =>P2P.µTorrent
C:\Users\BEN-HASSEN\Nouveau dossier\Pack_Cracker_toute_PSP_pour_les_Nuls.rar
~ Files: Scanned in 00mn 20s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.494FCD1061795018107893DF77385E1A] [SPRF][16/12/2013] (...) -- C:\Users\BEN-HASSEN\Desktop\AscentiaLauncher-3.0.exe [833424]
[MD5.3C166BAE84553D4CB27AF8ABDC61712D] [SPRF][09/02/2014] (...) -- C:\Users\BEN-HASSEN\Desktop\Minecraft.exe [675988]
[MD5.09B08F44AAB25528E04FBC36F5D5577F] [SPRF][10/08/2012] (...) -- C:\Users\BEN-HASSEN\Desktop\Survivers_Beta_3.exe [9152000]
[MD5.58FC2ACC1BD6D856D261CFDFE97A78BD] [SPRF][04/03/2013] (.RichDigits - VoidLauncher Setup.) -- C:\Users\BEN-HASSEN\Desktop\VoidLauncherInstaller.exe [1493570]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{CF28F2F8-6135-41D5-AF02-EEE41F63E654}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\BlackShot\system\blackshot.exe (.not file.)
O87 - FAEL: "{2F360FB6-7B65-48BB-9554-08B7EAF94D64}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\BlackShot\system\blackshot.exe (.not file.)
O87 - FAEL: "{D91D4C6A-4010-4D71-94A3-64F587F00942}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\BlackShot\system\blackshot.exe (.not file.)
O87 - FAEL: "{3FA1F4DC-405C-4F85-B8AA-31831367ED5F}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\eFusion\BlackShot\system\blackshot.exe (.not file.)
O87 - FAEL: "TCP Query User{C71D36C5-EF8C-43CD-8BA0-DEE785BB597C}C:\windows\kmsemulator.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{C21F22B5-3E61-4FED-A858-C9AA9AFB156B}C:\windows\kmsemulator.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "TCP Query User{09B76EE8-CA2B-4596-8E85-2ACA42619786}C:\program files (x86)\turbine\le seigneur des anneaux online\lotroclient.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\turbine\le seigneur des anneaux online\lotroclient.exe (.not file.)
O87 - FAEL: "UDP Query User{8F0B2E9A-406D-4B8B-ACD0-B2B93A1462ED}C:\program files (x86)\turbine\le seigneur des anneaux online\lotroclient.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\turbine\le seigneur des anneaux online\lotroclient.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D049D7-D378-49DD-991D-258CF424CB0F}C:\program files (x86)\reactor\reactor.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\reactor\reactor.exe (.not file.)
O87 - FAEL: "UDP Query User{43B198CA-9C5F-4FC1-A4DF-EA8790AB38BF}C:\program files (x86)\reactor\reactor.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\reactor\reactor.exe (.not file.)
O87 - FAEL: "{820E6CEE-BE10-41D2-9AD1-BC359D81DEFF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe (.not file.)
O87 - FAEL: "{E14BE98C-9ED2-4E69-BEFC-A237A5F2F5F4}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe (.not file.)
O87 - FAEL: "TCP Query User{33B84863-CFB9-4861-A103-A4FDD76170E2}C:\ijji\english\ava\binaries\ava.exe" |In - Public - P6 - TRUE | .(...) -- C:\ijji\english\ava\binaries\ava.exe (.not file.)
O87 - FAEL: "UDP Query User{35EE12B8-4F69-4D0B-9AAC-CF03629DB5F8}C:\ijji\english\ava\binaries\ava.exe" |In - Public - P17 - TRUE | .(...) -- C:\ijji\english\ava\binaries\ava.exe (.not file.)
O87 - FAEL: "{C41F6AE6-75DC-4156-9614-597F80D37BB5}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe (.not file.)
O87 - FAEL: "{EF0A8277-3F37-4363-AC0A-4CBC13F343BC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\REACTOR\ijjiOptimizer.exe (.not file.)
O87 - FAEL: "{934427D6-3774-44D6-8E6A-5080BE0B7412}" |In - Private - P6 - TRUE | .(...) -- C:\SG Interactive\Project Blackout\PBlackout.exe (.not file.)
O87 - FAEL: "{3EA96060-7747-4AE4-96B1-EF3C18B1C8AF}" |In - Private - P17 - TRUE | .(...) -- C:\SG Interactive\Project Blackout\PBlackout.exe (.not file.)
O87 - FAEL: "TCP Query User{27872B89-0175-4D48-B8B1-0771AEDCA22A}C:\users\ben-hassen\appdata\local\temp\gw2.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\temp\gw2.exe (.not file.)
O87 - FAEL: "UDP Query User{F447DDCD-14EC-4295-A339-6CDD70D3C256}C:\users\ben-hassen\appdata\local\temp\gw2.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\temp\gw2.exe (.not file.)
O87 - FAEL: "TCP Query User{DB5B0332-91BD-4036-BE74-4177DA55D0D4}C:\program files (x86)\the creative assembly\total war shogun 2\shogun2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\the creative assembly\total war shogun 2\shogun2.exe (.not file.)
O87 - FAEL: "UDP Query User{32461732-0E91-4D8B-8C84-2FD6A1026628}C:\program files (x86)\the creative assembly\total war shogun 2\shogun2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\the creative assembly\total war shogun 2\shogun2.exe (.not file.)
O87 - FAEL: "{D883EE5A-25F6-4105-95A6-74F6A5B96AAC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Origin Games\Mass Effect 2\MassEffect2Launcher.exe (.not file.)
O87 - FAEL: "{2EFF92DA-B4ED-49EF-8B39-C8854BD9FB19}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Origin Games\Mass Effect 2\MassEffect2Launcher.exe (.not file.)
O87 - FAEL: "TCP Query User{4AC38A8A-A086-450D-B3F9-1B01B8AD9CA8}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe (.not file.)
O87 - FAEL: "UDP Query User{96466E71-D801-4E9C-9E6A-AFBD6C6F64E0}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe (.not file.)
O87 - FAEL: "TCP Query User{102962F6-41EC-4862-9D7F-4487AAD892BB}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_366d3edf94a00510\launcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_366d3edf94a00510\launcher.exe (.not file.)
O87 - FAEL: "UDP Query User{B838631B-F98D-42B5-8830-6E0731791AD6}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_366d3edf94a00510\launcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_366d3edf94a00510\launcher.exe (.not file.)
O87 - FAEL: "TCP Query User{D2445ED3-9D03-4409-AEBB-D84F2B172D37}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe (.not file.)
O87 - FAEL: "UDP Query User{41581EC6-4B21-4388-BAB1-67687707B237}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe (.not file.)
O87 - FAEL: "{01AD98D6-4387-4867-86B6-CBD8734A1EF8}" |In - Public - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe (.not file.)
O87 - FAEL: "{E024A3A0-3446-465C-956E-8DFC99DA147F}" |In - Public - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001c_77533cf46d050dd0\launcher.exe (.not file.)
O87 - FAEL: "TCP Query User{B7512E05-E65D-4CB2-BAF6-9E571587CF00}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe (.not file.)
O87 - FAEL: "UDP Query User{25E472A7-B610-4A17-B615-F5D0FF524BC4}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe (.not file.)
O87 - FAEL: "{634A721A-C9C0-4966-B885-1D5DE0EE2679}" |In - Public - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe (.not file.)
O87 - FAEL: "{D2D4E2E9-7DA6-4F43-BABE-E2C675606FB6}" |In - Public - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe (.not file.)
O87 - FAEL: "TCP Query User{7FB4E5A0-A578-4193-95F6-6ED3F17C6F6B}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe (.not file.)
O87 - FAEL: "UDP Query User{022A5D52-FDE4-4F4D-B1EE-3D84387EBBED}C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\ben-hassen\appdata\local\apps\2.0\epytdvge.mdv\k8gh2nh9.ld7\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe (.not file.)
O87 - FAEL: "TCP Query User{37023B49-46B3-45D9-AAFD-6EEFF86EEA8F}C:\users\ben-hassen\desktop\mw2\iw4m.dat" | In - Public - P6 - TRUE | .(...) -- C:\users\ben-hassen\desktop\mw2\iw4m.dat
O87 - FAEL: "UDP Query User{EC0A36DF-F61C-4B1E-B5C2-5CAA46A7F889}C:\users\ben-hassen\desktop\mw2\iw4m.dat" | In - Public - P17 - TRUE | .(...) -- C:\users\ben-hassen\desktop\mw2\iw4m.dat
O87 - FAEL: "{4FF9BAB2-0668-4577-B732-D0E79E0F6E29}" |In - Public - P17 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.exe (.not file.)
O87 - FAEL: "{F4F43547-D1AA-4955-B11A-A94ACD9CA4C7}" |In - Public - P17 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (.not file.)
O87 - FAEL: "{C8E1CB30-1AF0-46E6-A860-27D6DD61CE40}" |Out - Public - P17 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.exe (.not file.)
O87 - FAEL: "{D1C5A3CC-D37D-4EF3-B523-395EAAD2BFFD}" |Out - Public - P17 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (.not file.)
O87 - FAEL: "{9D4523D9-2771-4DAF-BBC8-4E2316838909}" |Out - Public - P6 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.exe (.not file.)
O87 - FAEL: "{703FECA4-8700-44E1-B5A3-CAB6165AB117}" |Out - Public - P6 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (.not file.)
O87 - FAEL: "{EDAA60F9-7670-4A71-827D-D063B81F3146}" |Out - Public - P6 - TRUE | .(...) -- C:\Users\BEN-HASSEN\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (.not file.)
~ Firewall: 566 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D2C56F914D1559718C6E5F5D409F2394] [WIS][01/09/2006] (.Apple Computer, Inc. - QuickTime Installer.) -- C:\Windows\Installer\131330.msi [24508416]
[MD5.8A06528153DAB4A25CBBEF58B95FF76D] [WIS][09/08/2013] (.Husdawg, LLC - System Requirements Lab CYRI.) -- C:\Windows\Installer\2082837.msi [274432]
[MD5.1E1E0D988157DDB6C0630BE5BC202E28] [WIS][27/02/2014] (.LogMeIn, Inc. - LogMeIn Hamachi Installer.) -- C:\Windows\Installer\2fc13.msi [8216576]
[MD5.601EE1F9B1049A604FD6212947ECBAC6] [WIS][06/09/2007] (.Google - Installs the Google Toolbar for Firefox.) -- C:\Windows\Installer\5c7be9.msi [981504] =>Toolbar.Google
~ WIS: 151 Legitimates Filtered in 00mn 29s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 21/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SS - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Auto 07/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 26/02/2014 2224976 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Auto 30/08/2012 8704 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
SS - | Auto 06/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SS - | Demand 10/07/1658 0 | (hpqwmiex) . (...) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 26/02/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 04/09/2007 180224 | (nTuneService) . (.NVIDIA.) - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
SS - | Auto 10/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Auto 10/12/2013 15129376 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Demand 16/02/2014 98560 | (OverwolfUpdaterService) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 24/06/2011 302592 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 09/10/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 14/07/2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/02/2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 31s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by BEN-HASSEN at 01/03/2014 15:50:24
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by BEN-HASSEN at 01/03/2014 15:50:26

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ List of CD/DVD emulators (MBR Hook)
O58 - SDL:[MD5.DFC4E2081324E505CA479E473A78D893] - 01/04/2012 - 11:20:01 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564792]
~ Emulators: Scanned in 00mn 02s



---\\ Additional scan (O88)
Database Version : 13031 - (23/02/2014)
Keys found : 87
Values found : 2
Folders found : 8
Files found : 3

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FTdownloader V4.0] =>Adware.Downware^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}] =>Adware.IncrediBar
[HKLM\Software\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}] =>Adware.IncrediBar
[HKLM\Software\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}] =>Adware.IncrediBar
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Int
0
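The O88 block above lists the same COM interface CLSID once under `HKLM\Software\Classes` and once under `HKLM\Software\Wow6432Node\Classes`, and the service list carries a few entries with no publisher recorded (`(...)`). As an added example, not ZHPDiag's code and not part of the posted report, here is a small Python triage helper that parses those two line types, groups the detections by family and hive, pairs the 32-bit and 64-bit views of the same key so neither is forgotten at cleanup, and flags services with an empty publisher field for a manual look. The line layout the regexes assume is this example's own reading of the lines above; the sample input is a verbatim subset of those lines.

```python
"""Triage helper for ZHPDiag-style report lines.

Added example for this thread, not part of ZHPDiag or of the posted report.
It parses two line types seen in the report above, assuming this layout:
  service lines : 'SS - | Auto 23/10/2013 172192 | (Name) . (.Publisher.) - C:\\path'
  O88 detections: '[HKLM\\Software\\...\\{GUID}] =>Adware.IncrediBar'
and groups detections by family and hive, pairs 32-bit (Wow6432Node) and
64-bit views of the same key, and lists services with no recorded publisher.
"""
import re
from collections import Counter

# Third '|' field of a service line: optional DLL, (service name), (.publisher.), path
_SERVICE_TAIL = re.compile(
    r"^(?:(?P<dll>.*?) )?\((?P<name>[^()]*)\) \. \((?P<pub>[^()]*)\) - (?P<path>.*)$"
)
_DETECTION = re.compile(r"^\[(?P<key>[^\]]+)\] =>(?P<family>\S+)$")


def parse_service(line):
    """Return a dict for an 'SS'/'SR' service line, or None if the line is not one."""
    parts = line.split(" | ")
    if len(parts) != 3 or parts[0] not in ("SS -", "SR -"):
        return None
    start, date, size = parts[1].split(" ")
    m = _SERVICE_TAIL.match(parts[2])
    if not m:
        return None
    # Some lines carry ' =>.Vendor' after the path; keep it apart from the path itself
    path, _, annotation = m.group("path").partition(" =>")
    return {
        "state": parts[0][:2],                  # SS = stopped, SR = running
        "start": start, "date": date, "size": int(size),
        "dll": m.group("dll"),                  # None when the service is its own exe
        "name": m.group("name"),
        "publisher": m.group("pub").strip("."), # '(...)' becomes '' (no publisher)
        "path": path, "annotation": annotation.strip("."),
    }


def parse_detection(line):
    """Return (registry_key, family) for an O88 detection line, else None."""
    m = _DETECTION.match(line)
    if not m:
        return None
    # A trailing '^' is a report marker this example does not interpret
    return m.group("key"), m.group("family").rstrip("^")


def summarize(lines):
    """Group parsed detections and services into a cleanup-oriented summary."""
    services = [s for s in map(parse_service, lines) if s]
    detections = [d for d in map(parse_detection, lines) if d]
    families = Counter(fam for _, fam in detections)
    hives = Counter(key.split("\\")[0] for key, _ in detections)
    # Same key registered in both registry views: both copies must go, not just one
    seen = Counter(key.replace("Wow6432Node\\", "") for key, _ in detections)
    both_views = sorted(k for k, n in seen.items() if n > 1)
    no_publisher = [s["name"] for s in services if not s["publisher"]]
    return {
        "services": services, "detections": detections,
        "families": families, "hives": hives,
        "both_views": both_views, "no_publisher": no_publisher,
    }


# Verbatim subset of the report lines posted above (constructed sample input)
SAMPLE = [
    r"SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe",
    r"SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe",
    r"SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe",
    r"SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation",
    r"[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FTdownloader V4.0] =>Adware.Downware^",
    r"[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon",
    r"[HKLM\Software\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar",
    r"[HKLM\Software\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}] =>Adware.IncrediBar",
    r"[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software",
]

if __name__ == "__main__":
    r = summarize(SAMPLE)
    for fam, n in r["families"].most_common():
        print(f"{n:3d}  {fam}")
    print("keys present in both registry views:")
    for key in r["both_views"]:
        print("  ", key)
    print("services with no publisher recorded:", ", ".join(r["no_publisher"]))
```

Run it over the full report text (one line per list element) to get the same summary for all 87 keys. An empty publisher field is only a prompt to check the file's signature and origin by hand, not a verdict; the point of pairing the views is that deleting the 64-bit CLSID key alone leaves the Wow6432Node copy behind for 32-bit browsers to keep loading.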
lilidurhone Posts: 43347 Registered: Monday 25 April 2011 Status: Security contributor Last activity: 31 October 2024 3 806
1 March 2014 at 15:56
Upload the report somewhere.
0
Rayker Posts: 227 Registered: Friday 14 February 2014 Status: Member Last activity: 16 September 2017 2
1 March 2014 at 16:04
pjoint doesn't work
0
lilidurhone Posts: 43347 Registered: Monday 25 April 2011 Status: Security contributor Last activity: 31 October 2024 3 806
1 March 2014 at 16:05
Try cjoint ;)
0
Rayker Posts: 227 Registered: Friday 14 February 2014 Status: Member Last activity: 16 September 2017 2
1 March 2014 at 16:16
I have two reports, I can't tell them apart....
0
Rayker Posts: 227 Registered: Friday 14 February 2014 Status: Member Last activity: 16 September 2017 2
1 March 2014 at 18:41
https://www.cjoint.com/?3CbsOIj5qKE
https://www.cjoint.com/?3CbsOody56N
Those are the two reports...
PS: I couldn't tell them apart
0
lilidurhone Posts: 43347 Registered: Monday 25 April 2011 Status: Security contributor Last activity: 31 October 2024 3 806
1 March 2014 at 19:06
Get rid of your cr@cks
0