I can't get rid of the ituneshelper virus and I'm in prison
Solved/Closed
riadriadriad
16 May 2014 at 23:19
Anonymous user - 1 June 2014 at 08:04
34 replies
riadriadriad
28 May 2014 at 23:23
Good evening, here is the new ZHPDiag report, thank you.
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 62CMK
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Windows Defender W7 (Activate)
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 13 ActiveX
Adobe Reader X
Java 7 Update 21
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 28 GB (9%) free of 298 GB
---\\ Mode de connexion au système
~ Computer Name: R-PC
~ User Name: R
~ All Users Names: R, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\R\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\R\AppData\Roaming\
~ %Desktop% : C:\Users\R\Desktop\
~ %Favorites% : C:\Users\R\Favorites\
~ %LocalAppData% : C:\Users\R\AppData\Local\
~ %StartMenu% : C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 28 Go of 298 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
---\\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.04/03/2014 - 10:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/30
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/649
~ Mon Bureau (My Desktop) : 1/3935
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 02s
---\\ Processus lancés
[MD5.4CC887D405B7E9B1F6E3012A2CFCF71C] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files\iSafe\iSafeSvc.exe [118056] [PID.896] =>Trojan.Staser
[MD5.2CEE5349ED55BD4A743BA41E461802C1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files\iSafe\iSafeSvc2.exe [118056] [PID.976] =>Trojan.Staser
[MD5.C7BB95CF9631AA401E4ADED1648F6AF7] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944] [PID.1760]
[MD5.4FDA55C98C558CE72F1D5ED16FA3C173] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [802984] [PID.2780] =>Trojan.Staser
[MD5.C3ED032AF1C30F92546A698CC7173605] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264] [PID.2876]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2012]
[MD5.4BD107E339C9955708FA35A96BB8A8A8] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 331.8.) -- C:\Windows\system32\nvvsvc.exe [664352] [PID.856]
[MD5.AFBC1045AC97BD6DD3ED41DF5A592C59] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [932640] [PID.3608]
[MD5.8C1BEE0EDA8D1C01D1C8C61F2C6A9F7B] - (.Microsoft Corporation - Installation de Windows Device.) -- C:\Windows\System32\dinotify.exe [8192] [PID.2544]
[MD5.803C146CCDA377023F3A4034A0F8DBD3] - (.SFR - SFR.Dashboard.Service.) -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe [25008] [PID.1696]
[MD5.495171944759627ACD05BC8D794A371E] - (.SFR - Gestionnaire de connexion.) -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe [895920] [PID.2796]
[MD5.7116680C2C62709EE81BDDC69EF26B93] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757488] [PID.2792]
[MD5.03E9E74F6E7F905851BFAB8FD820EE7F] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Users\R\Desktop\rnb,funk,rai\vesti\Nouveau dossier\Internet Download Manager 6.15 Build 10 + Crack\Crack\IDMan.exe [3581816] [PID.2968]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Users\R\Desktop\rnb,funk,rai\vesti\Nouveau dossier\Internet Download Manager 6.15 Build 10 + Crack\Crack\IEMonitor.exe [269848] [PID.3216]
[MD5.8911702CC546B76FE8F9C61987C68C43] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files\Internet Explorer\IELowutil.exe [222720] [PID.2892]
[MD5.F68194F74350D4A2ADE98961E33F884C] - (.Microsoft Corporation - Isolation graphique de périphérique audio W.) -- C:\Windows\system32\AUDIODG.exe [100864] [PID.3984]
[MD5.638A95BF8FC7C918D6BF3FD9A128CD99] - (.Woodtale Technology Inc. - dupdate.) -- C:\Program Files\iSafe\dup.exe [243368] [PID.3116] =>Trojan.Staser
[MD5.EB9668A40C4AFFB5126319663DAC9376] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.3924]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.1808]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC8CB05-1BA5-4D66-97A6-29BDD5C95C2D}: NameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC8CB05-1BA5-4D66-97A6-29BDD5C95C2D}: NameServer = 172.20.2.10 172.20.2.39
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
~ Services: 8 Legitimates Filtered in 00mn 04s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4263] (...) -- C:\UseRs\R\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0268846C-CF5B-4FF2-AA96-79821C91358B}] (...) -- F:\R Porn.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{059FC84D-15F5-49B7-A945-4424520A1F08}] (...) -- C:\FILMS\Lil_Wayne-Tha_Carter_IV-(Deluxe_Edition)-2011-CR .scr" -d C:\FILMS -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0632E93B-B197-41FE-A547-65B7C55A1E99}] (...) -- F:\Clip rap fr .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F2113D7-57E5-42AA-B602-1B4BC45852CC}] (...) -- F:\The.Dictator.2012.FRENCH.TS.MD.XViD-FORYOU .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{19F6DF62-5913-4536-9287-6F52829F6474}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E05.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{276F9FE5-928C-463B-8179-96824366D5FB}] (...) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{27BB4469-B94F-42FA-91E0-B177961632BA}] (...) -- F:\Lunatic-Black_Album-FR-2006-E .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5499940C-5A17-4FF9-9FB4-4E7252498765}] (...) -- F:\Rohff .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5736EF8C-FEA7-4F14-870C-E3DEE48C4CA6}] (...) -- C:\albums rapér'n'béfunk\Lil Wayne - The Diary Of Dwayne Carter 2012 .scr" -d "C:\albums rapér'n'béfunk" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{577DC5E1-227D-4ACA-A029-3D29102A8525}] (...) -- F:\MEEK MILL 2012 .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5A3AD36C-7E4A-4FD0-845C-A79E1CC8BB9A}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E06.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5FFAF157-8908-4F3A-A8D9-1AD8EEDE713A}] (...) -- C:\UseRs\R\Desktop\vesti\avast_fRee_antiviRus_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82A17408-0960-42AA-99CC-54CCD78846D5}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E01.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{84F5D242-E06D-4108-A91A-2F7FFD425729}] (...) -- C:\jeux\VLC\vlc.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8A1D324E-6619-44C8-B161-C9C6CF9FED30}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E03.FRENCH.HDTV.264-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{931EB41E-32FB-4336-93E0-BDE1C2FFD74F}] (...) -- C:\albums rapér'n'béfunk\Notorious Big - Ready to Die.scr" -d "C:\albums rapér'n'béfunk" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A67AC3E5-02EF-4128-ADF0-C45B893F36D2}] (...) -- F:\[Xpadder - ME3 for XBox Pad]\TUTORIAL scrEENS .scr" -d "F:\[Xpadder - ME3 for XBox Pad]" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C9A5CA68-0021-4438-89B8-C40BF5D14F2D}] (...) -- C:\UseRs\R\Desktop\GReatest Hits .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D21F3E81-4CCE-476D-87E7-A674DA393731}] (...) -- C:\UseRs\R\Desktop\Lil Wayne - Tha CaRteR TRilogy .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F2624970-EC7A-409E-96FE-4E988D563836}] (...) -- F:\[Xpadder - ME3 for XBox Pad]\Xpadder - ME3 for XBox Pad\manette .scr" -d "F:\[Xpadder - ME3 for XBox Pad]\Xpadder - ME3 for XBox Pad" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7DE3DDE-C39D-4C4F-84E1-C348821DF5D1}] (...) -- F:\C.N.N\Capone -N- Noreaga - Best Of CNN-Thugged Da Fuck Out Gangsta .scr" -d F:\C.N.N -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F8679223-2D76-43ED-A38D-91821F0C15D1}] (...) -- F:\MEEK MILL 2012\MEEK MILL 2012 CD2 .scr" -d "F:\MEEK MILL 2012" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FFE17394-37A9-4E33-8E57-58B4E4CEFF78}] (...) -- C:\FILMS\Foto d.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3377018707-1053510699-2633951545-1000Core [890]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3377018707-1053510699-2633951545-1000UA [912]
~ Scheduled Task: 36 Legitimates Filtered in 01mn 03s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files\iSafe\iSafeKrnlKit.sys =>Trojan.Staser
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
~ Drivers: 84 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Yet Another Cleaner! - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe =>Trojan.Staser
~ Logic: 1 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\SupDp] =>PUP.SupTab
~ Key Software: 145 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/05/2014 - 18:26:48 - [] ----D C:\Program Files\iSafe =>Trojan.Staser
O43 - CFD: 17/05/2014 - 22:50:22 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 28/05/2014 - 21:39:07 - [] ----D C:\Users\R\AppData\Roaming\iSafe =>Trojan.Staser
~ Program Folder: 145 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2109213500463A92048C2F43A8AC3D46] - 16/05/2014 - 03:51:04 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [38912] =>Trojan.Staser
O44 - LFC:[MD5.E9F74DFF7D498DD3040DADF28A155976] - 20/05/2014 - 03:39:23 ---A- . (...) -- C:\Windows\System32\${LOGFILE} [1406]
O44 - LFC:[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - 25/05/2014 - 21:54:44 ---A- . (...) -- C:\Windows\Language_trs.ini [1769]
O44 - LFC:[MD5.9D8CB58B9A9E177DDD599791A58A654D] - 25/05/2014 - 21:58:12 R--A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [11296]
O44 - LFC:[MD5.B6296A1E765612688E7E9800CEBF2AC8] - 25/05/2014 - 21:58:13 R--A- . (.Pas de propriétaire - AsIO DLL.) -- C:\Windows\System32\AsIO.dll [24576]
~ Files: 65 Legitimates Filtered in 00mn 04s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.A5FEC2F4F9D688F1122E7BE26B8100B9] - 28/05/2014 - 20:40:13 ---A- - C:\Windows\Prefetch\ISAFESCAN.EXE-5704198F.pf =>Trojan.Staser
O45 - LFCP:[MD5.0566167D0012E97C7C417E0F31B4F067] - 28/05/2014 - 21:08:53 ---A- - C:\Windows\Prefetch\ISAFEUPDATE.EXE-AC49D6ED.pf =>Trojan.Staser
~ Prefetcher: 2 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [13216]
O58 - SDL:04/08/2009 - 03:28:18 R--A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [11296]
O58 - SDL:06/07/2009 - 03:48:02 R--A- . (...) -- C:\Windows\System32\Drivers\AsUpIO.sys [11448]
O58 - SDL:02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\System32\Drivers\ASUSHWIO.SYS [10296]
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:16/03/2012 - 16:27:44 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:16/05/2014 - 03:51:04 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [38912] =>Trojan.Staser
O58 - SDL:16/03/2012 - 15:27:50 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [9216]
O58 - SDL:16/03/2012 - 16:27:46 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 105 Legitimates Filtered in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>Trojan.Staser
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT =>Trojan.Staser
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 107 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EA1D220176FD55FD035D6350F775DE90] [SPRF][05/04/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.4B39EE8EE6500C53F9EEB2C3DDFEFF91] [SPRF][14/10/2011] (...) -- C:\Users\R\Desktop\virtual-clonedrive_virtual_clonedrive_5.4.5.0_francais_anglais_79406.exe [1587696]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASAPI32 =>Hijacker.FreehdsportTV
HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASMANCS =>Hijacker.FreehdsportTV
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\mille-logiciels_pour_utorrent[1]_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\mille-logiciels_pour_utorrent[1]_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASAPI32 =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASMANCS =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASAPI32 =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASMANCS =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS =>PUP.WpManager
~ BTK: 452 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Auto 10/12/2013 14658848 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Auto 19/09/2012 1699168 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
SR - | Auto 22/09/2011 974944 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 16/05/2014 118056 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 11/11/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/03/2012 25008 | (SFR.Dashboard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by R at 28/05/2014 23:21:24
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x84C7EBBA] >> \Device\Harddisk0\DR0[0x87A43648]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by R at 28/05/2014 23:21:26
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/05/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
C:\Program Files\iSafe =>Trojan.Staser^
C:\Users\R\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc2.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files\iSafe\dup.exe =>Trojan.Staser^
[HKLM\Software\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 203849 Items scanned in 00mn 18s
---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Trojan.Staser
https://nicolascoolman.eu =>PUP.SupTab
http://nicolascoolman.fr/30583270-hijacker-freehdsporttv =>Hijacker.FreehdsportTV
https://nicolascoolman.eu =>Adware.IMBooster
https://nicolascoolman.eu =>Adware.Lollipop
http://nicolascoolman.fr/27068497-hijacker-privitizevpn =>Hijacker.PrivitizeVPN
https://nicolascoolman.eu =>Adware.Pricora
https://nicolascoolman.eu =>Toolbar.Conduit
https://nicolascoolman.eu =>PUP.SpecialSavings
https://nicolascoolman.eu =>Hijacker.TornTV
https://nicolascoolman.eu =>PUP.Wajam
https://nicolascoolman.eu =>PUP.WpManager
https://nicolascoolman.eu =>PUP.CrossRider
~ MSI: 13 link(s) detected in 00mn 00s
~ 766 Legitimates filtered by white list
End of the scan (526 lines in 02mn 24s)(0)
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS =>PUP.WpManager
~ BTK: 452 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Auto 10/12/2013 14658848 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Auto 19/09/2012 1699168 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
SR - | Auto 22/09/2011 974944 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
SR - | Auto 16/05/2014 118056 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 11/11/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 16/03/2012 25008 | (SFR.Dashboard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.Dashboard.Service.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by R at 28/05/2014 23:21:24
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x84C7EBBA] >> \Device\Harddisk0\DR0[0x87A43648]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by R at 28/05/2014 23:21:26
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/05/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
C:\Program Files\iSafe =>Trojan.Staser^
C:\Users\R\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeSvc2.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files\iSafe\dup.exe =>Trojan.Staser^
[HKLM\Software\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 203849 Items scanned in 00mn 18s
---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>Trojan.Staser
https://nicolascoolman.eu =>PUP.SupTab
http://nicolascoolman.fr/30583270-hijacker-freehdsporttv =>Hijacker.FreehdsportTV
https://nicolascoolman.eu =>Adware.IMBooster
https://nicolascoolman.eu =>Adware.Lollipop
http://nicolascoolman.fr/27068497-hijacker-privitizevpn =>Hijacker.PrivitizeVPN
https://nicolascoolman.eu =>Adware.Pricora
https://nicolascoolman.eu =>Toolbar.Conduit
https://nicolascoolman.eu =>PUP.SpecialSavings
https://nicolascoolman.eu =>Hijacker.TornTV
https://nicolascoolman.eu =>PUP.Wajam
https://nicolascoolman.eu =>PUP.WpManager
https://nicolascoolman.eu =>PUP.CrossRider
~ MSI: 13 link(s) detected in 00mn 00s
~ 766 Legitimates filtered by white list
End of the scan (526 lines in 02mn 24s)(0)
riadriadriad
28 May 2014 at 23:28
Oh yes, I had forgotten, sorry, I'll send it to you through the malekal upload box right away.
riadriadriad
28 May 2014 at 23:34
Here is the link to the ZHPDiag report:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20140528_l7n6d13d13l5
Anonymous user
29 May 2014 at 11:50
Hello
Using the ZHPFix tool:
* Copy all the text in the box below (select it with your mouse, right-click on it and choose "copy", or press Ctrl+C)
ZHPFix script
[MD5.4CC887D405B7E9B1F6E3012A2CFCF71C] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files\iSafe\iSafeSvc.exe [118056] [PID.896]
[MD5.2CEE5349ED55BD4A743BA41E461802C1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files\iSafe\iSafeSvc2.exe [118056] [PID.976]
[MD5.4FDA55C98C558CE72F1D5ED16FA3C173] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [802984] [PID.2780]
[MD5.638A95BF8FC7C918D6BF3FD9A128CD99] - (.Woodtale Technology Inc. - dupdate.) -- C:\Program Files\iSafe\dup.exe [243368] [PID.1844]
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files\iSafe\iSafeKrnlKit.sys
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys
O42 - Logiciel: Yet Another Cleaner! - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe
[HKLM\Software\SupDp]
O43 - CFD: 28/05/2014 - 18:26:48 - [] ----D C:\Program Files\iSafe
O43 - CFD: 28/05/2014 - 21:39:07 - [] ----D C:\Users\R\AppData\Roaming\iSafe
O44 - LFC:[MD5.2109213500463A92048C2F43A8AC3D46] - 16/05/2014 - 03:51:04 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [38912]
O45 - LFCP:[MD5.A5FEC2F4F9D688F1122E7BE26B8100B9] - 28/05/2014 - 20:40:13 ---A- - C:\Windows\Prefetch\ISAFESCAN.EXE-5704198F.pf
O45 - LFCP:[MD5.0566167D0012E97C7C417E0F31B4F067] - 28/05/2014 - 21:08:53 ---A- - C:\Windows\Prefetch\ISAFEUPDATE.EXE-AC49D6ED.pf
O58 - SDL:16/05/2014 - 03:51:04 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [38912]
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 16/05/2014 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER
HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
SR - | Auto 16/05/2014 118056 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}]
C:\Program Files\iSafe
C:\Users\R\AppData\Roaming\iSafe
C:\Program Files\iSafe\iSafeSvc.exe
C:\Program Files\iSafe\iSafeSvc2.exe
C:\Program Files\iSafe\iSafeTray.exe
C:\Program Files\iSafe\dup.exe
[HKLM\Software\SupDp]
[MD5.00000000000000000000000000000000] [APT] [4263] (...) -- C:\UseRs\R\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0268846C-CF5B-4FF2-AA96-79821C91358B}] (...) -- F:\R Porn.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{059FC84D-15F5-49B7-A945-4424520A1F08}] (...) -- C:\FILMS\Lil_Wayne-Tha_Carter_IV-(Deluxe_Edition)-2011-CR .scr" -d C:\FILMS -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0632E93B-B197-41FE-A547-65B7C55A1E99}] (...) -- F:\Clip rap fr .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F2113D7-57E5-42AA-B602-1B4BC45852CC}] (...) -- F:\The.Dictator.2012.FRENCH.TS.MD.XViD-FORYOU .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{19F6DF62-5913-4536-9287-6F52829F6474}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E05.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{27BB4469-B94F-42FA-91E0-B177961632BA}] (...) -- F:\Lunatic-Black_Album-FR-2006-E .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5499940C-5A17-4FF9-9FB4-4E7252498765}] (...) -- F:\Rohff .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5736EF8C-FEA7-4F14-870C-E3DEE48C4CA6}] (...) -- C:\albums rapér'n'béfunk\Lil Wayne - The Diary Of Dwayne Carter 2012 .scr" -d "C:\albums rapér'n'béfunk" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{577DC5E1-227D-4ACA-A029-3D29102A8525}] (...) -- F:\MEEK MILL 2012 .scr" -d F:\ -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5A3AD36C-7E4A-4FD0-845C-A79E1CC8BB9A}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E06.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5FFAF157-8908-4F3A-A8D9-1AD8EEDE713A}] (...) -- C:\UseRs\R\Desktop\vesti\avast_fRee_antiviRus_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{82A17408-0960-42AA-99CC-54CCD78846D5}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E01.FRENCH.HDTV.XVID-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8A1D324E-6619-44C8-B161-C9C6CF9FED30}] (...) -- C:\UseRs\R\Desktop\Lockdown.S01E03.FRENCH.HDTV.264-Scaph .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{931EB41E-32FB-4336-93E0-BDE1C2FFD74F}] (...) -- C:\albums rapér'n'béfunk\Notorious Big - Ready to Die.scr" -d "C:\albums rapér'n'béfunk" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A67AC3E5-02EF-4128-ADF0-C45B893F36D2}] (...) -- F:\[Xpadder - ME3 for XBox Pad]\TUTORIAL scrEENS .scr" -d "F:\[Xpadder - ME3 for XBox Pad]" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C9A5CA68-0021-4438-89B8-C40BF5D14F2D}] (...) -- C:\UseRs\R\Desktop\GReatest Hits .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D21F3E81-4CCE-476D-87E7-A674DA393731}] (...) -- C:\UseRs\R\Desktop\Lil Wayne - Tha CaRteR TRilogy .scR" -d C:\UseRs\R\Desktop -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F2624970-EC7A-409E-96FE-4E988D563836}] (...) -- F:\[Xpadder - ME3 for XBox Pad]\Xpadder - ME3 for XBox Pad\manette .scr" -d "F:\[Xpadder - ME3 for XBox Pad]\Xpadder - ME3 for XBox Pad" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7DE3DDE-C39D-4C4F-84E1-C348821DF5D1}] (...) -- F:\C.N.N\Capone -N- Noreaga - Best Of CNN-Thugged Da Fuck Out Gangsta .scr" -d F:\C.N.N -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F8679223-2D76-43ED-A38D-91821F0C15D1}] (...) -- F:\MEEK MILL 2012\MEEK MILL 2012 CD2 .scr" -d "F:\MEEK MILL 2012" -c \S (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FFE17394-37A9-4E33-8E57-58B4E4CEFF78}] (...) -- C:\FILMS\Foto d.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3377018707-1053510699-2633951545-1000Core [890]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3377018707-1053510699-2633951545-1000UA [912]
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O43 - CFD: 17/05/2014 - 22:50:22 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}]
ShortcutFix
EmptyPrefetch
FirewallRAZ
Emptytemp
EmptyCLSID
--------------------------------------------------------------------------------------------
Launch ZHPFix from the shortcut on your Desktop (if you are on Windows Vista, Windows 7 or 8, do it with a right-click --> Run as administrator)
Click the "Importer" button. The clipboard contents are pasted into the ZHPFix input area
NB (W8): In some cases the script is pasted automatically into the script area and you do not need to click the "IMPORTER" button.
* Click the GO button to start the cleanup.
-> let the tool work and do not touch anything ...
-> If you are asked to restart the PC to finish the cleanup, do it!
Once it has finished, a new report is displayed: post its contents in your next reply ...
This report is copied to the desktop
(this report is also saved in this folder:
- For XP: C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- From Vista onwards: C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt)
See you
riadriadriad
30 May 2014 at 00:02
Good evening, thank you, here is the ZHPFix report
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by R at 29/05/2014 23:55:06
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Corbeille vidée (00mn 02s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur
========== Logiciels ==========
ABSENT Uninstall Process: c:\program files\isafe\uninstall.exe
========== Processus mémoire ==========
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\iSafe\iSafeSvc.exe
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\iSafe\iSafeSvc2.exe
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\iSafe\iSafeTray.exe
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\iSafe\dup.exe
========== Etat des services ==========
ISAFEKRNL Arrêté
ISAFEKRNLKIT Arrêté
ISAFENETFILTER Arrêté
========== Clés du Registre ==========
SUPPRIMÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe]
SUPPRIMÉ:³ Service: iSafeService
SUPPRIMÉ: HKLM\Software\SupDp
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\FreeHDSport TV-codedownloader_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_3004-9b951bb3_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\privitize_1_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\silent_pricora_deltaArgs_FR_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\tiger savings-bg_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings-InternalInstaller_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Tiger Savings_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\TornTV_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\wajam_1005-ab9801d8_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
SUPPRIMÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\iSafeService
SUPPRIMÉ: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}
SUPPRIMÉ: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_download_signed_6_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_E6C807F38EB64284_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASAPI32
SUPPRIMÉ: HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-19-3_RASMANCS
SUPPRIMÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
========== Valeurs du Registre ==========
SUPPRIMÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)
========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
========== Fichiers ==========
SUPPRIMÉ Redémarrage: c:\program files\isafe\isafesvc.exe
SUPPRIMÉ: c:\windows\system32\drivers\isafekrnlboot.sys
SUPPRIMÉ: c:\windows\prefetch\isafeupdate.exe-ac49d6ed.pf
SUPPRIMÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-3377018707-1053510699-2633951545-1000core
SUPPRIMÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-3377018707-1053510699-2633951545-1000ua
SUPPRIMÉS Temporaires Windows (23) (2 006 364 octets)
========== Tache planifiée ==========
SUPPRIMÉ: 4263
SUPPRIMÉ: {0268846C-CF5B-4FF2-AA96-79821C91358B}
SUPPRIMÉ: {059FC84D-15F5-49B7-A945-4424520A1F08}
SUPPRIMÉ: {0632E93B-B197-41FE-A547-65B7C55A1E99}
SUPPRIMÉ: {0F2113D7-57E5-42AA-B602-1B4BC45852CC}
SUPPRIMÉ: {19F6DF62-5913-4536-9287-6F52829F6474}
SUPPRIMÉ: {27BB4469-B94F-42FA-91E0-B177961632BA}
SUPPRIMÉ: {5499940C-5A17-4FF9-9FB4-4E7252498765}
SUPPRIMÉ: {5736EF8C-FEA7-4F14-870C-E3DEE48C4CA6}
SUPPRIMÉ: {577DC5E1-227D-4ACA-A029-3D29102A8525}
SUPPRIMÉ: {5A3AD36C-7E4A-4FD0-845C-A79E1CC8BB9A}
SUPPRIMÉ: {5FFAF157-8908-4F3A-A8D9-1AD8EEDE713A}
SUPPRIMÉ: {82A17408-0960-42AA-99CC-54CCD78846D5}
SUPPRIMÉ: {8A1D324E-6619-44C8-B161-C9C6CF9FED30}
SUPPRIMÉ: {931EB41E-32FB-4336-93E0-BDE1C2FFD74F}
SUPPRIMÉ: {A67AC3E5-02EF-4128-ADF0-C45B893F36D2}
SUPPRIMÉ: {C9A5CA68-0021-4438-89B8-C40BF5D14F2D}
SUPPRIMÉ: {D21F3E81-4CCE-476D-87E7-A674DA393731}
SUPPRIMÉ: {F2624970-EC7A-409E-96FE-4E988D563836}
SUPPRIMÉ: {F7DE3DDE-C39D-4C4F-84E1-C348821DF5D1}
SUPPRIMÉ: {F8679223-2D76-43ED-A38D-91821F0C15D1}
SUPPRIMÉ: {FFE17394-37A9-4E33-8E57-58B4E4CEFF78}
========== Récapitulatif ==========
4 : Processus mémoire
55 : Clés du Registre
4 : Valeurs du Registre
1 : Dossiers
6 : Fichiers
1 : Logiciels
3 : Etat des services
22 : Tache planifiée
End of clean in 04mn 15s
========== Chemin de fichier rapport ==========
C:\Users\R\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/05/2014 23:18:26 [579]
C:\Users\R\AppData\Roaming\ZHP\ZHPFix[R2].txt - 24/05/2014 23:18:59 [840]
C:\Users\R\AppData\Roaming\ZHP\ZHPFix[R3].txt - 24/05/2014 23:19:08 [894]
C:\Users\R\AppData\Roaming\ZHP\ZHPFix[R4].txt - 29/05/2014 23:55:10 [7491]
riadriadriad
30 May 2014 at 02:26
Re
I had a hard time, but it's done!
riadriadriad
30 May 2014 at 02:27
What next? Have a good rest, see you tomorrow I hope, thank you!
Anonymous user
30 May 2014 at 02:29
Re
We clean up and finalize
1) Empty the Malwarebytes quarantine
2) Download DelFix by Xplode
Launch it.
You have 5 choices:
Re-enable UAC
Remove the disinfection tools (checked by default)
Make a registry backup
Purge System Restore
Reset factory settings
Check the ones in bold
and run it
The report is generally found here
C:\DelFix.txt
The rest of the security advice: http://forum.malekal.com/comment-securiser-son-ordinateur.html
See you later
riadriadriad
30 May 2014 at 22:10
Re
It's done, here is the report
# DelFix v10.7 - Rapport créé le 30/05/2014 à 22:08:40
# Mis à jour le 27/04/2014 par Xplode
# Nom d'utilisateur : R - R-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
~ Suppression des outils de désinfection ...
Supprimé : C:\USBFix
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\R\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
########## - EOF - ##########
riadriadriad
30 May 2014 at 22:11
OK, I'll go and look in the security forum
riadriadriad
30 May 2014 at 22:12
Thank you very much
riadriadriad
31 May 2014 at 22:05
Re.
OK, and I have a new problem: when I download updates, my connection pauses and resumes automatically every 30 seconds, and it disconnects and reconnects me to Origin by itself. It becomes endless (4 hours) to download a 569 MB update, which should take 30 minutes. This has been happening since I downloaded all these small programs. Is there a way to speed it up and get my old speed back?
riadriadriad
31 May 2014 at 22:11
The connection to Origin is interrupted every 20 seconds, and not that of the SFR connection manager
riadriadriad
31 May 2014 at 22:14
As soon as I click twice in a row, Windows Explorer does not respond, or Origin does not respond ("do you want to close the program"), and the window turns blurry white and the cursor keeps loading for too long; it glitches too much
Anonymous user
1 June 2014 at 08:04
Hello
Open a new thread in the appropriate forum
Thank you
See you later