The proxy server is not responding on Windows 8
zumba33
Hello...?!!
Every time I try to connect to the internet I get a message telling me that the proxy server is not responding. I uncheck the box, and when I go back on the internet the box is checked again. How do I solve the problem? Thanks
19 replies
* Download RogueKiller to the desktop
* Close all your running programs.
* On Vista/Seven and Windows 8, right-click -> run as administrator
* Otherwise simply launch RogueKiller.exe
* Wait during the pre-scan, then click the Scan button
* A report RKreport.txt should have been created on the desktop; post it by hosting it on cjoint
* To help you: https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
Note: If the program was blocked, do not hesitate to try several times.
I can't get on the internet to download, so how do I download RogueKiller?
With another computer?
Otherwise you need to remove the proxy
Did you install a program recently?
I have the RKreport.txt report on the sick computer; can I post it on cjoint with the other computer?
...
You host the report on cjoint and you post the link given by cjoint
RogueKiller V9.2.4.0 [Jul 11 2014] par Adlice Software
Mail : https://www.adlice.com/contact/
Remontées : https://forum.adlice.com/
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : https://www.adlice.com/
Système d'exploitation : Windows 8 (6.2.9200 ) 64 bits version
Démarrage : Mode normal
Utilisateur : karine [Droits d'admin]
Mode : Suppression -- Date : 07/29/2014 10:40:57
¤¤¤ Processus malicieux : 2 ¤¤¤
[Suspicious.Path] (SVC) BHDrvx64 -- \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140121.001\BHDrvx64.sys[7] -> ERROR [41c]
[Suspicious.Path] (SVC) IDSVia64 -- \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140207.001\IDSvia64.sys[7] -> ERROR [41c]
¤¤¤ Entrées de registre : 28 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BHDrvx64 -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVia64 -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVENG -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NAVEX15 -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx64 -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVia64 -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG -> NON SELECTIONNÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-12059798-445784377-1546886579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-12059798-445784377-1546886579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-12059798-445784377-1546886579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-12059798-445784377-1546886579-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:52401;https=127.0.0.1:52401 -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NON SELECTIONNÉ
¤¤¤ Tâches planifiées : 1 ¤¤¤
[Suspicious.Path] \\EPUpdater -- C:\Users\karine\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe -> SUPPRIMÉ
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: NON CHARGE [0xc000036b]) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-60A1YT0 +++++
--- User ---
[MBR] b6a5b19c9119be7850116df19286ac72
[BSP] 52bd98af05b34ef3fe2da1318cb9b3b9 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: USB Flash Drive USB Device +++++
--- User ---
[MBR] 06f7752e1c2f82b620fa822b571eece7
[BSP] 24bd36b8e24ec6cc73130a6de0b28848 : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 3943 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
============================================
RKreport_SCN_07292014_104007.log
I did it several times, I deleted what it detected, and I still get the same message that the proxy server is not responding, so no connection
* Download ZHPDiag (by Nicolas Coolman)
https://nicolascoolman.eu or https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
* In case the first link doesn't work, click on the one below
ftp://zebulon.fr/ZHPDiag2.exe
* Double-click if you are on Windows XP (otherwise right-click to run it as admin, from Vista onwards)
* Let yourself be guided during the installation; it will launch automatically at the end.
* Above all, don't forget to install its icon on the desktop; the icon is shaped like a parchment
https://www.cjoint.com/13sp/CIvuQfap3YY_zhpdiag.png
* When the software opens you will be offered 3 options: "rechercher" (search), "configurer" (configure) and "complet" (full)
* Click on "complet"
* Save the report to your Desktop using the icon representing a floppy disk
* To host the report, go to cjoint.com
* Click on "choisissez un fichier" (choose a file) and go find the report on your PC.
* The report is stored in:
- For XP: C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- From Vista onwards: C:\Users\username\AppData\Roaming\ZHP
* Once the report is found, select it and click Open
* Choose the distribution type (unlimited or 21 days)
* Then click on create the cjoint link
* Once you have obtained the link, copy and paste it into your next reply
* To help you: https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
~ Rapport de ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Lancé par karine (29/07/2014 17:53:36)
~ Adresse du Site Web https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17028 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : D667T
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Windows Defender W8 (Deactivate)
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3988 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 862 GB (95%) free of 907 GB
---\\ Mode de connexion au système
~ Computer Name: KILLIAN
~ User Name: karine
~ All Users Names: pouna_000, karine, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\karine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\karine\AppData\Roaming\
~ %Desktop% : C:\Users\karine\Desktop\
~ %Favorites% : C:\Users\karine\Favorites\
~ %LocalAppData% : C:\Users\karine\AppData\Local\
~ %StartMenu% : C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 862 Go of 907 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Free 0 Go of 2 Go)
F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 41 Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.27E552632E6394DE0FA555EFDBA29A49] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/06/2014 - 03:12:11.) -- C:\Windows\System32\wininet.dll [2239488]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.12/04/2014 - 10:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.29/05/2014 - 23:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.58CC013EFA9893057160EDA018D8ADCE] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/07/2014 - 23:51:05.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.27/02/2014 - 00:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/788
~ Mes musiques (My Musics) : 1/73
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/33
~ Mes Documents (My Documents) : 2/1429
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 03s
---\\ Processus lancés
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4668]
[MD5.A4C34F9AAE33EC99D8ED5299F856C9D8] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.4848]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.4900]
[MD5.0E33C03867675B923DCAF0A36DD646CA] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4912]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.508]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2944]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.6924]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\karine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 2 Scanned in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
~ IE Browser: 18 Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52401;https=127.0.0.1:52401 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: HP Network Check Helper [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} . (.Hewlett-Packard - HP Network Check IE Plug-in.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: buenosearch Helper Object [64Bits] - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} . (.Montiera Technologies LTD - Pas de description.) -- C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll =>PUP.BuenoSearch
~ BHO: 6 Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_200] Clé orpheline =>Adware.FreeSoftToday
O4 - HKUS\S-1-5-21-12059798-445784377-1546886579-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-12059798-445784377-1546886579-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
~ Application: Scanned in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 7 Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1EDE93F-8AA4-4758-8EEF-DB2FBB2ADF77}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D1EDE93F-8AA4-4758-8EEF-DB2FBB2ADF77}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SW-Booster\Assistant_x64.dll (.not file.) =>PUP.SafeWeb
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink - CyberLink Media Server Monitor Service.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink - CyberLink Media Server Service.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: HP Support Assistant Service (HP Support Assistant Service) . (.Hewlett-Packard Company - HP Support Assistant Service.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
O23 - Service: oem16.inf (hpsrv) . (.Hewlett-Packard Company - HpService.) - C:\Windows\System32\Hpservice.exe
O23 - Service: HPWMISVC (HPWMISVC) . (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation - Intel(R) ME Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: Software Update Service (supdate) (supdate) . (.Boxore OU. - Programme d'installation de Software.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
~ Services: 18 Scanned in 00mn 17s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] [APT] [CLMLSvc_P2G8] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576]
[MD5.227E138E4A6D8D3A1CC9C3EA0D1874A5] [APT] [CLVDLauncher] (.CyberLink Corp..) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core] (.Facebook Inc..) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA] (.Facebook Inc..) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForkarine] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704]
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineCore] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineUA] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.98384182AC896D4F660B60F9D69412AF] [APT] [Synaptics TouchPad Enhancements] (.Synaptics Incorporated.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808]
[MD5.434FEE6FF661DCABADB69E55E0747494] [APT] [HP CoolSense Start at Logon] (.Hewlett-Packard Development Company, L.P..) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312]
[MD5.A0677631EEBDC81B2C30025C1133D7C5] [APT] [HP Support Assistant Quick Start] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496]
[MD5.A0677631EEBDC81B2C30025C1133D7C5] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496]
[MD5.16F1F09240540D9409DA192839C9D786] [APT] [Update Check] (.Hewlett-Packard Company.) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584]
[MD5.701C65A8DF4B7663FFA4A1032598DFE9] [APT] [WarrantyChecker] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1586392]
[MD5.701C65A8DF4B7663FFA4A1032598DFE9] [APT] [WarrantyChecker_DeviceScan] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1586392]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [282] =>Trojan.Keygen
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core.job [926]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core [926]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA.job [948]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA [948]
O39 - APT: HPCeeScheduleForkarine - (.Hewlett-Packard.) -- C:\Windows\Tasks\HPCeeScheduleForkarine.job [352]
O39 - APT: HPCeeScheduleForkarine - (.Hewlett-Packard.) -- C:\Windows\System32\Tasks\HPCeeScheduleForkarine [352]
O39 - APT: SoftwareUpdateTaskMachineCore - (.Boxore OU..) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1098] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineCore - (.Boxore OU..) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore [1098] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.Boxore OU..) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1102] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.Boxore OU..) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA [1102] =>Adware.Boxore
~ Scheduled Task: 25 Scanned in 00mn 03s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 9 Scanned in 00mn 00s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: (CLVirtualDrive) . (.CyberLink - It is a virtual device driver which could c.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 42 Scanned in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000}
O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Aloha TriPeaks - (.WildTangent.) [HKLM][64Bits] -- WTA-2117b5c8-3ece-4412-9662-b970a3373621
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-1a2b6c36-ef16-448a-817f-c07d02079bfa
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {F847B70A-FC29-4B82-872E-58F2CE9DEE09} =>Adware.Boxore
O42 - Logiciel: Build-a-lot - (.WildTangent.) [HKLM][64Bits] -- WTA-1c0463bb-f819-402f-bd3d-3eb2f91a5c79
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {AF312B06-5C5C-468E-89B3-BE6DE2645722}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}
O42 - Logiciel: Cradle of Rome 2 - (.WildTangent.) [HKLM][64Bits] -- WTA-0c6e07ec-6f4d-498f-a087-b7d4c1794be4
O42 - Logiciel: Crazy Chicken Soccer - (.WildTangent.) [HKLM][64Bits] -- WTA-9ba8d5f0-b99b-487e-b019-7a34c180af35
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink Media Suite 10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink Media Suite 10 - (.CyberLink Corp..) [HKLM][64Bits] -- {1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink Power2Go 8 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
O42 - Logiciel: CyberLink Power2Go 8 - (.CyberLink Corp..) [HKLM][64Bits] -- {2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- {B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: Cyberlink PhotoDirector - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}
O42 - Logiciel: Cyberlink PhotoDirector - (.CyberLink Corp..) [HKLM][64Bits] -- {39337565-330E-4ab6-A9AE-AC81E0720B10}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DisableMSDefender - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
O42 - Logiciel: EZDownloader - (.EZDownloader.) [HKLM][64Bits] -- {0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
O42 - Logiciel: Energy Star - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
O42 - Logiciel: Facebook Video Calling 2.0.0.447 - (.Skype Limited.) [HKLM][64Bits] -- {8DF41A9F-FE13-43E8-A003-5F9B55A011EE}
O42 - Logiciel: Farm Frenzy - (.WildTangent.) [HKLM][64Bits] -- WTA-9d5b9fad-c289-475d-8dc0-c68b47609a2f
O42 - Logiciel: Farming Simulator 2013 - (.GIANTS Software.) [HKLM][64Bits] -- FarmingSimulator2013INT_is1
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {446CC8CE-0E90-44F7-ADD0-774B243EF090}
O42 - Logiciel: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-4a353857-d8ff-417a-8a1a-3fcf172824fb
O42 - Logiciel: HP 3D DriveGuard - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {07F6DC37-0857-4B68-A675-4E35989E85E3}
O42 - Logiciel: HP Connected Music (Meridian - installer) - (.Meridian Audio Ltd.) [HKLM][64Bits] -- StartHPConnectedMusic
O42 - Logiciel: HP Connected Music (Meridian - player) - (.Meridian Audio Ltd.) [HKCU][64Bits] -- HPConnectedMusic
O42 - Logiciel: HP CoolSense - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {394B14EA-B072-4440-9510-87797CB12371}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {61245005-66F1-4001-AEE8-2E2D36F65C28}
O42 - Logiciel: HP Postscript Converter - (.Hewlett-Packard.) [HKLM][64Bits] -- {6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
O42 - Logiciel: HP Quick Start - (.Hewlett-Packard.) [HKLM][64Bits] -- {B9494F9E-5EA9-4C70-9F38-659F5E6C0BF3}
O42 - Logiciel: HP Recovery Manager - (.Hewlett-Packard.) [HKLM][64Bits] -- {E849965E-4771-440C-936F-AF5BFD144416}
O42 - Logiciel: HP Registration Service - (.Hewlett-Packard.) [HKLM][64Bits] -- {D1E8F2D7-7794-4245-B286-87ED86C1893C}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {C88F84E5-AE23-44BD-922C-2ABEACACAF7A} =>.Hewlett-Packard Co
O42 - Logiciel: HP System Event Utility - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {F35EE4BC-95E1-4417-BA36-7C32FF24A59A}
O42 - Logiciel: HP Utility Center - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {A48BD764-CFDF-40A5-A07A-710908044F5D}
O42 - Logiciel: HP Wireless Button Driver - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {30B2D1D8-0A07-4B71-9553-0710C5D31E35}
O42 - Logiciel: Hewlett-Packard ACLM.NET v1.2.2.1 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {6F340107-F9AA-47C6-B54C-C3A19F11553F}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {E83FDB2A-C81C-403D-8FD3-A816A89AF80C}
O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {FA00A3CC-7440-4938-A271-F186F50DD40D}
O42 - Logiciel: Jeux WildTangent - (.WildTangent.) [HKLM][64Bits] -- WildTangent wildgames Master Uninstall
O42 - Logiciel: Jewel Match 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-5f6c5326-4a1b-40c9-9379-76dca831dbca
O42 - Logiciel: Jewel Quest II - (.WildTangent.) [HKLM][64Bits] -- WTA-472cffa8-c39f-41ed-a65a-081a1f381d94
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: Mahjongg Artifacts - (.WildTangent.) [HKLM][64Bits] -- WTA-c3415b63-bc95-42c5-bf79-623a46c610ac
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe =>.Microsoft Corporation
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] -- WTA-4eac5f9e-33cb-48f5-bf50-7082a2214ff3
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] -- WTA-0d35afb2-fd0b-48e6-91f3-1421859673ac
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {A5107464-AA9B-4177-8129-5FF2F42DD322}
O42 - Logiciel: Ranch Rush 2 - Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-3b956706-414a-427a-b545-4ac94ad99a1c
O42 - Logiciel: Realtek Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F0A8BF4A-972F-41E0-9800-1EFE3BF28266}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SW-Sustainer 1.80 - (.Certified Publisher.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} =>PUP.SafeWeb
O42 - Logiciel: Software Update Helper - (.Boxore OU..) [HKLM][64Bits] -- {006E6A46-8D55-4F10-BBA8-2C9653B4278B} =>Adware.Boxore
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: Trinklit Supreme - (.WildTangent.) [HKLM][64Bits] -- WTA-9cd91b6b-19ac-4723-a1c9-0c8dec0e1c0e
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM][64Bits] -- {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
O42 - Logiciel: Vacation Quest(TM) - Australia - (.WildTangent.) [HKLM][64Bits] -- WTA-9b1b639f-3762-47cc-9c36-5d2e35040d4d
O42 - Logiciel: Virtual Families - (.WildTangent.) [HKLM][64Bits] -- WTA-d86f6409-6926-4cb1-a6f7-6cf823fd6790
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: Wedding Dash - (.WildTangent.) [HKLM][64Bits] -- WTA-ec94ce70-d22f-41dc-a0c1-f667c0881864
O42 - Logiciel: WildTangent Games App (HP Games) - (.WildTangent.) [HKLM][64Bits] -- {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
O42 - Logiciel: Youda Jewel Shop - (.WildTangent.) [HKLM][64Bits] -- WTA-428c9521-9fd9-49ae-a121-f2ddd2a16d8e
O42 - Logiciel: Zuma's Revenge - (.WildTangent.) [HKLM][64Bits] -- WTA-99026cfc-1268-4b13-a543-e8d9f434036c
O42 - Logiciel: avast! Free Antivirus v9.0.2021 - (.AVAST Software.) [HKLM][64Bits] -- Avast
O42 - Logiciel: buenosearch toolbar - (.Montiera technologies LTD.) [HKLM][64Bits] -- buenosearch =>PUP.BuenoSearch
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
O42 - Logiciel: sysTPL - (.Tlapia.) [HKLM][64Bits] -- {4B74BC31-B353-4B8F-8CBE-DAB4FF326FF1}
~ Logic: 64 Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\AVAST Software]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Classes]
[HKCU\Software\CyberLink]
[HKCU\Software\Facebook]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\Intel]
[HKCU\Software\Lake]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\Mine]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Norton]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SkypeRS]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Wajam] =>PUP.Wajam
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\buenosearch LTD] =>PUP.BuenoSearch
[HKCU\Software\globalUpdate]
[HKCU\Software\skype]
[HKCU\Software\sysTPL]
[HKCU\Software\systweak]
[HKLM\Software\7-Zip]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\GlobalUpdate]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Hewlett-Packard]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Insyde]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Lake]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\LogMeInRescueCallingCard]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Nuance]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\RtWLan]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\WildTangent]
[HKLM\Software\Wow6432Node\buenosearch LTD] =>PUP.BuenoSearch
[HKLM\Software\Wow6432Node\fst]
[HKLM\Software\Wow6432Node\systweak]
[HKLM\Software\Wow6432Node]
~ Key Software: 249 Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/10/2013 - 21:27:39 - [] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 21/06/2014 - 17:23:35 - [] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 04/06/2014 - 13:15:35 - [] ----D C:\Program Files (x86)\buenosearch LTD =>PUP.BuenoSearch
O43 - CFD: 24/04/2014 - 20:07:32 - [] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 04/06/2014 - 17:02:29 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 13/02/2014 - 14:45:12 - [] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 26/06/2014 - 13:58:39 - [] ----D C:\Program Files (x86)\EZDownloader
O43 - CFD: 18/04/2014 - 18:52:30 - [] ----D C:\Program Files (x86)\Farming Simulator 2013
O43 - CFD: 05/06/2014 - 13:18:07 - [] ----D C:\Program Files (x86)\globalUpdate
O43 - CFD: 24/04/2014 - 18:56:59 - [] ----D C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 23/07/2013 - 21:51:41 - [] ----D C:\Program Files (x86)\HPConnectedMusic
O43 - CFD: 04/06/2014 - 16:49:21 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 08/10/2013 - 21:54:35 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 08/10/2013 - 21:25:55 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 10/07/2014 - 21:32:59 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 23/07/2013 - 21:43:17 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 26/07/2014 - 12:42:36 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 23/07/2013 - 21:47:38 - [] ----D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 23/07/2013 - 21:48:29 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 27/04/2014 - 21:04:17 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 04/06/2014 - 13:13:28 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 04/08/2012 - 00:37:58 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 10/12/2013 - 12:11:33 - [] R---D C:\Program Files (x86)\Online Services
O43 - CFD: 04/06/2014 - 16:50:05 - [0] ----D C:\Program Files (x86)\predm
O43 - CFD: 24/04/2014 - 20:06:50 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 04/08/2012 - 00:37:58 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 04/06/2014 - 13:12:38 - [] ----D C:\Program Files (x86)\Software
O43 - CFD: 25/07/2014 - 13:04:12 - [0] ----D C:\Program Files (x86)\SW-Booster =>PUP.SafeWeb
O43 - CFD: 08/10/2013 - 21:58:04 - [] ----D C:\Program Files (x86)\SymSilent
O43 - CFD: 29/04/2014 - 20:44:55 - [] ----D C:\Program Files (x86)\sysTPL
O43 - CFD: 08/10/2013 - 21:23:09 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 04/06/2014 - 13:16:28 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 23/07/2013 - 22:01:30 - [] ----D C:\Program Files (x86)\WildGames
O43 - CFD: 23/07/2013 - 22:02:05 - [] ----D C:\Program Files (x86)\WildTangent Games
O43 - CFD: 01/06/2014 - 22:07:24 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 23/07/2013 - 21:48:27 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 06/02/2014 - 14:55:47 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 06/02/2014 - 14:55:47 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 26/07/2012 - 10:13:01 - [] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26/07/2012 - 10:12:59 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 06/02/2014 - 14:55:46 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26/07/2012 - 10:13:01 - [] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26/07/2012 - 10:12:59 - [] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 29/07/2014 - 17:43:48 - [] ----D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 13/02/2014 - 14:46:42 - [] ----D C:\Program Files (x86)\Common Files\CyberLink
O43 - CFD: 08/10/2013 - 21:20:27 - [] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 08/10/2013 - 21:26:33 - [] ----D C:\Program Files (x86)\Common Files\Intel Corporation
O43 - CFD: 27/04/2014 - 21:03:01 - [] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 08/10/2013 - 21:55:28 - [] ----D C:\Program Files (x86)\Common Files\Nikon
O43 - CFD: 08/10/2013 - 21:17:59 - [] ----D C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 26/07/2012 - 10:13:01 - [] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 25/12/2013 - 18:46:55 - [0] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 06/02/2014 - 14:55:45 - [] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 23/07/2013 - 21:47:17 - [] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 08/10/2013 - 21:27:36 - [] ----D C:\ProgramData\Apple
O43 - CFD: 26/07/2012 - 09:22:08 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 02/02/2014 - 13:09:47 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 26/06/2014 - 13:58:45 - [] ----D C:\ProgramData\BlueOcean
O43 - CFD: 10/12/2013 - 09:57:50 - [] -SH-D C:\ProgramData\Bureau
O43 - CFD: 07/01/2014 - 10:34:14 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 26/07/2012 - 09:22:08 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 26/07/2012 - 09:22:08 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 26/12/2013 - 12:31:18 - [] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 26/06/2014 - 13:58:45 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 08/10/2013 - 21:54:35 - [] ----D C:\ProgramData\install_clap
O43 - CFD: 08/10/2013 - 21:26:14 - [] ----D C:\ProgramData\Intel
O43 - CFD: 10/12/2013 - 09:57:50 - [] -SH-D C:\ProgramData\Menu Démarrer
O43 - CFD: 26/07/2014 - 12:43:59 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 27/04/2014 - 21:04:38 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 23/07/2013 - 21:47:27 - [] ----D C:\ProgramData\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 10/12/2013 - 09:57:50 - [] -SH-D C:\ProgramData\Modèles
O43 - CFD: 29/07/2014 - 15:56:38 - [] ----D C:\ProgramData\Norton
O43 - CFD: 08/10/2013 - 21:56:19 - [] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 08/10/2013 - 21:28:52 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 26/12/2013 - 14:15:00 - [] ----D C:\ProgramData\PRICache
O43 - CFD: 27/04/2014 - 21:02:54 - [] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 29/07/2014 - 10:34:03 - [] ----D C:\ProgramData\RogueKiller
O43 - CFD: 26/07/2012 - 09:22:08 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 08/10/2013 - 21:32:49 - [] ----D C:\ProgramData\Synaptics
O43 - CFD: 08/10/2013 - 21:54:37 - [] ----D C:\ProgramData\Temp
O43 - CFD: 26/07/2012 - 09:22:08 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 23/07/2013 - 22:02:04 - [] ----D C:\ProgramData\WildTangent
O43 - CFD: 23/07/2013 - 21:52:57 - [] ----D C:\ProgramData\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8}
O43 - CFD: 10/12/2013 - 12:11:35 - [] ----D C:\Users\karine\AppData\Roaming\Adobe
O43 - CFD: 04/06/2014 - 13:16:08 - [0] ----D C:\Users\karine\AppData\Roaming\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 02/02/2014 - 13:12:17 - [] ----D C:\Users\karine\AppData\Roaming\AVAST Software
O43 - CFD: 04/06/2014 - 13:15:43 - [] ----D C:\Users\karine\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 13/02/2014 - 20:30:35 - [] ----D C:\Users\karine\AppData\Roaming\CyberLink
O43 - CFD: 26/06/2014 - 13:58:55 - [] ----D C:\Users\karine\AppData\Roaming\EZDownloader
O43 - CFD: 10/12/2013 - 12:30:34 - [] ----D C:\Users\karine\AppData\Roaming\Hewlett-Packard
O43 - CFD: 25/12/2013 - 01:29:39 - [] ----D C:\Users\karine\AppData\Roaming\hpqlog
O43 - CFD: 10/12/2013 - 12:16:20 - [] ----D C:\Users\karine\AppData\Roaming\Macromedia
O43 - CFD: 25/07/2014 - 11:54:03 - [] -S--D C:\Users\karine\AppData\Roaming\Microsoft
O43 - CFD: 10/12/2013 - 12:10:23 - [] ----D C:\Users\karine\AppData\Roaming\Synaptics
O43 - CFD: 04/06/2014 - 16:50:38 - [] ----D C:\Users\karine\AppData\Roaming\systweak
O43 - CFD: 29/07/2014 - 15:52:45 - [0] ----D C:\Users\karine\AppData\Roaming\uTorrent =>P2P.µTorrent
O43 - CFD: 10/12/2013 - 12:25:50 - [] ----D C:\Users\karine\AppData\Roaming\WildTangent
O43 - CFD: 29/07/2014 - 17:54:10 - [] ----D C:\Users\karine\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 06/03/2014 - 09:29:20 - [0] ----D C:\Users\karine\AppData\Local\Adobe
O43 - CFD: 10/12/2013 - 12:08:47 - [] -SH-D C:\Users\karine\AppData\Local\Application Data
O43 - CFD: 06/04/2014 - 12:43:50 - [] ----D C:\Users\karine\AppData\Local\Apps
O43 - CFD: 10/12/2013 - 12:13:29 - [] ----D C:\Users\karine\AppData\Local\CyberLink
O43 - CFD: 11/07/2014 - 18:44:30 - [0] ----D C:\Users\karine\AppData\Local\Deployment
O43 - CFD: 28/07/2014 - 21:42:47 - [] ----D C:\Users\karine\AppData\Local\Diagnostics
O43 - CFD: 26/12/2013 - 13:45:57 - [] ----D C:\Users\karine\AppData\Local\Downloaded Installations
O43 - CFD: 27/12/2013 - 16:43:51 - [] ----D C:\Users\karine\AppData\Local\Facebook
O43 - CFD: 04/06/2014 - 13:13:12 - [] ----D C:\Users\karine\AppData\Local\globalUpdate
O43 - CFD: 25/12/2013 - 01:29:35 - [] ----D C:\Users\karine\AppData\Local\Hewlett-Packard
O43 - CFD: 10/12/2013 - 12:08:47 - [] -SH-D C:\Users\karine\AppData\Local\Historique
O43 - CFD: 10/12/2013 - 12:31:03 - [0] ----D C:\Users\karine\AppData\Local\HP Quick Start
O43 - CFD: 23/07/2014 - 10:01:09 - [] ----D C:\Users\karine\AppData\Local\HPConnectedMusic
O43 - CFD: 26/12/2013 - 13:38:49 - [] ----D C:\Users\karine\AppData\Local\MediaServer
O43 - CFD: 07/01/2014 - 10:35:20 - [0] ----D C:\Users\karine\AppData\Local\MediaShow
O43 - CFD: 19/04/2014 - 22:44:38 - [] ----D C:\Users\karine\AppData\Local\Microsoft
O43 - CFD: 27/04/2014 - 18:46:50 - [0] ----D C:\Users\karine\AppData\Local\Microsoft Help
O43 - CFD: 26/12/2013 - 14:15:06 - [] ----D C:\Users\karine\AppData\Local\Packages
O43 - CFD: 10/12/2013 - 12:10:34 - [] ----D C:\Users\karine\AppData\Local\Power2Go8
O43 - CFD: 30/01/2014 - 19:24:18 - [] ----D C:\Users\karine\AppData\Local\Programs
O43 - CFD: 04/06/2014 - 13:12:38 - [] ----D C:\Users\karine\AppData\Local\Software
O43 - CFD: 29/07/2014 - 17:52:43 - [] ----D C:\Users\karine\AppData\Local\Temp
O43 - CFD: 10/12/2013 - 12:08:47 - [] -SH-D C:\Users\karine\AppData\Local\Temporary Internet Files
O43 - CFD: 10/12/2013 - 12:09:19 - [0] ----D C:\Users\karine\AppData\Local\VirtualStore
O43 - CFD: 26/07/2012 - 10:13:00 - [] R---D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 26/07/2012 - 10:13:00 - [] R---D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 02/06/2014 - 08:10:19 - [] R---D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 26/07/2012 - 10:13:00 - [] ----D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 02/06/2014 - 08:10:19 - [] R---D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/07/2013 - 06:40:21 - [] R---D C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
~ Program Folder: 128 Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
~ Lancé par karine (29/07/2014 17:53:36)
~ Adresse du Site Web https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17028 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : D667T
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Windows Defender W8 (Deactivate)
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3988 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 862 GB (95%) free of 907 GB
---\\ Mode de connexion au système
~ Computer Name: KILLIAN
~ User Name: karine
~ All Users Names: pouna_000, karine, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\karine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\karine\AppData\Roaming\
~ %Desktop% : C:\Users\karine\Desktop\
~ %Favorites% : C:\Users\karine\Favorites\
~ %LocalAppData% : C:\Users\karine\AppData\Local\
~ %StartMenu% : C:\Users\karine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 862 Go of 907 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
E: CD-ROM drive (Free 0 Go of 2 Go)
F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 4 Go)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 41 Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/788
~ Mes musiques (My Musics) : 1/73
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/33
~ Mes Documents (My Documents) : 2/1429
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 03s
---\\ Processus lancés
[MD5.6E0A993681A809FB61B2BF0D1959AAA4] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416] [PID.4668]
[MD5.A4C34F9AAE33EC99D8ED5299F856C9D8] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.4848]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.4900]
[MD5.0E33C03867675B923DCAF0A36DD646CA] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304] [PID.4912]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.508]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.2944]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.6924]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\karine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 2 Scanned in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
~ IE Browser: 18 Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52401;https=127.0.0.1:52401 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: HP Network Check Helper [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} . (.Hewlett-Packard - HP Network Check IE Plug-in.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: buenosearch Helper Object [64Bits] - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} . (.Montiera Technologies LTD - Pas de description.) -- C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll =>PUP.BuenoSearch
~ BHO: 6 Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_200] Clé orpheline =>Adware.FreeSoftToday
O4 - HKUS\S-1-5-21-12059798-445784377-1546886579-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-12059798-445784377-1546886579-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
~ Application: Scanned in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Winsock: 7 Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1EDE93F-8AA4-4758-8EEF-DB2FBB2ADF77}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D1EDE93F-8AA4-4758-8EEF-DB2FBB2ADF77}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SW-Booster\Assistant_x64.dll (.not file.) =>PUP.SafeWeb
~ AppInit DLL: Scanned in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Andrea RT Filters Service (AERTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink - CyberLink Media Server Monitor Service.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink - CyberLink Media Server Service.) - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: HP Support Assistant Service (HP Support Assistant Service) . (.Hewlett-Packard Company - HP Support Assistant Service.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
O23 - Service: oem16.inf (hpsrv) . (.Hewlett-Packard Company - HpService.) - C:\Windows\System32\Hpservice.exe
O23 - Service: HPWMISVC (HPWMISVC) . (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation - Intel(R) ME Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Realtek Audio Service (RtkAudioService) . (.Realtek Semiconductor - Realtek Audio Service.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: Software Update Service (supdate) (supdate) . (.Boxore OU. - Programme d'installation de Software.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
~ Services: 18 Scanned in 00mn 17s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] [APT] [CLMLSvc_P2G8] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576]
[MD5.227E138E4A6D8D3A1CC9C3EA0D1874A5] [APT] [CLVDLauncher] (.CyberLink Corp..) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core] (.Facebook Inc..) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA] (.Facebook Inc..) -- C:\Users\karine\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForkarine] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [91704]
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineCore] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.251A1AED2D4A26A47C0A4A3058AAE4A8] [APT] [SoftwareUpdateTaskMachineUA] (.Boxore OU..) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [139576] =>Adware.Boxore
[MD5.98384182AC896D4F660B60F9D69412AF] [APT] [Synaptics TouchPad Enhancements] (.Synaptics Incorporated.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808]
[MD5.434FEE6FF661DCABADB69E55E0747494] [APT] [HP CoolSense Start at Logon] (.Hewlett-Packard Development Company, L.P..) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312]
[MD5.A0677631EEBDC81B2C30025C1133D7C5] [APT] [HP Support Assistant Quick Start] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496]
[MD5.A0677631EEBDC81B2C30025C1133D7C5] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [541496]
[MD5.16F1F09240540D9409DA192839C9D786] [APT] [Update Check] (.Hewlett-Packard Company.) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584]
[MD5.701C65A8DF4B7663FFA4A1032598DFE9] [APT] [WarrantyChecker] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1586392]
[MD5.701C65A8DF4B7663FFA4A1032598DFE9] [APT] [WarrantyChecker_DeviceScan] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1586392]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [282] =>Trojan.Keygen
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core.job [926]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001Core [926]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA.job [948]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12059798-445784377-1546886579-1001UA [948]
O39 - APT: HPCeeScheduleForkarine - (.Hewlett-Packard.) -- C:\Windows\Tasks\HPCeeScheduleForkarine.job [352]
O39 - APT: HPCeeScheduleForkarine - (.Hewlett-Packard.) -- C:\Windows\System32\Tasks\HPCeeScheduleForkarine [352]
O39 - APT: SoftwareUpdateTaskMachineCore - (.Boxore OU..) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [1098] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineCore - (.Boxore OU..) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore [1098] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.Boxore OU..) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [1102] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.Boxore OU..) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA [1102] =>Adware.Boxore
~ Scheduled Task: 25 Scanned in 00mn 03s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Active Setup: 9 Scanned in 00mn 00s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: (CLVirtualDrive) . (.CyberLink - It is a virtual device driver which could c.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Drivers: 42 Scanned in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000}
O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Shockwave Player
O42 - Logiciel: Aloha TriPeaks - (.WildTangent.) [HKLM][64Bits] -- WTA-2117b5c8-3ece-4412-9662-b970a3373621
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-1a2b6c36-ef16-448a-817f-c07d02079bfa
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {F847B70A-FC29-4B82-872E-58F2CE9DEE09} =>Adware.Boxore
O42 - Logiciel: Build-a-lot - (.WildTangent.) [HKLM][64Bits] -- WTA-1c0463bb-f819-402f-bd3d-3eb2f91a5c79
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {AF312B06-5C5C-468E-89B3-BE6DE2645722}
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] -- {0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}
O42 - Logiciel: Cradle of Rome 2 - (.WildTangent.) [HKLM][64Bits] -- WTA-0c6e07ec-6f4d-498f-a087-b7d4c1794be4
O42 - Logiciel: Crazy Chicken Soccer - (.WildTangent.) [HKLM][64Bits] -- WTA-9ba8d5f0-b99b-487e-b019-7a34c180af35
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM][64Bits] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: CyberLink Media Suite 10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink Media Suite 10 - (.CyberLink Corp..) [HKLM][64Bits] -- {1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink Power2Go 8 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
O42 - Logiciel: CyberLink Power2Go 8 - (.CyberLink Corp..) [HKLM][64Bits] -- {2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: CyberLink PowerDVD 12 - (.CyberLink Corp..) [HKLM][64Bits] -- {B46BEA36-0B71-4A4E-AE41-87241643FA0A}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: CyberLink PowerDirector 10 - (.CyberLink Corp..) [HKLM][64Bits] -- {B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: Cyberlink PhotoDirector - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}
O42 - Logiciel: Cyberlink PhotoDirector - (.CyberLink Corp..) [HKLM][64Bits] -- {39337565-330E-4ab6-A9AE-AC81E0720B10}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: DisableMSDefender - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
O42 - Logiciel: EZDownloader - (.EZDownloader.) [HKLM][64Bits] -- {0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
O42 - Logiciel: Energy Star - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
O42 - Logiciel: Facebook Video Calling 2.0.0.447 - (.Skype Limited.) [HKLM][64Bits] -- {8DF41A9F-FE13-43E8-A003-5F9B55A011EE}
O42 - Logiciel: Farm Frenzy - (.WildTangent.) [HKLM][64Bits] -- WTA-9d5b9fad-c289-475d-8dc0-c68b47609a2f
O42 - Logiciel: Farming Simulator 2013 - (.GIANTS Software.) [HKLM][64Bits] -- FarmingSimulator2013INT_is1
O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {446CC8CE-0E90-44F7-ADD0-774B243EF090}
O42 - Logiciel: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-4a353857-d8ff-417a-8a1a-3fcf172824fb
O42 - Logiciel: HP 3D DriveGuard - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {07F6DC37-0857-4B68-A675-4E35989E85E3}
O42 - Logiciel: HP Connected Music (Meridian - installer) - (.Meridian Audio Ltd.) [HKLM][64Bits] -- StartHPConnectedMusic
O42 - Logiciel: HP Connected Music (Meridian - player) - (.Meridian Audio Ltd.) [HKCU][64Bits] -- HPConnectedMusic
O42 - Logiciel: HP CoolSense - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {394B14EA-B072-4440-9510-87797CB12371}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM][64Bits] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM][64Bits] -- {61245005-66F1-4001-AEE8-2E2D36F65C28}
O42 - Logiciel: HP Postscript Converter - (.Hewlett-Packard.) [HKLM][64Bits] -- {6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
O42 - Logiciel: HP Quick Start - (.Hewlett-Packard.) [HKLM][64Bits] -- {B9494F9E-5EA9-4C70-9F38-659F5E6C0BF3}
O42 - Logiciel: HP Recovery Manager - (.Hewlett-Packard.) [HKLM][64Bits] -- {E849965E-4771-440C-936F-AF5BFD144416}
O42 - Logiciel: HP Registration Service - (.Hewlett-Packard.) [HKLM][64Bits] -- {D1E8F2D7-7794-4245-B286-87ED86C1893C}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {C88F84E5-AE23-44BD-922C-2ABEACACAF7A} =>.Hewlett-Packard Co
O42 - Logiciel: HP System Event Utility - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {F35EE4BC-95E1-4417-BA36-7C32FF24A59A}
O42 - Logiciel: HP Utility Center - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {A48BD764-CFDF-40A5-A07A-710908044F5D}
O42 - Logiciel: HP Wireless Button Driver - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {30B2D1D8-0A07-4B71-9553-0710C5D31E35}
O42 - Logiciel: Hewlett-Packard ACLM.NET v1.2.2.1 - (.Hewlett-Packard Company.) [HKLM][64Bits] -- {6F340107-F9AA-47C6-B54C-C3A19F11553F}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {E83FDB2A-C81C-403D-8FD3-A816A89AF80C}
O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {FA00A3CC-7440-4938-A271-F186F50DD40D}
O42 - Logiciel: Jeux WildTangent - (.WildTangent.) [HKLM][64Bits] -- WildTangent wildgames Master Uninstall
O42 - Logiciel: Jewel Match 3 - (.WildTangent.) [HKLM][64Bits] -- WTA-5f6c5326-4a1b-40c9-9379-76dca831dbca
O42 - Logiciel: Jewel Quest II - (.WildTangent.) [HKLM][64Bits] -- WTA-472cffa8-c39f-41ed-a65a-081a1f381d94
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
O42 - Logiciel: Mahjongg Artifacts - (.WildTangent.) [HKLM][64Bits] -- WTA-c3415b63-bc95-42c5-bf79-623a46c610ac
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft SkyDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- SkyDriveSetup.exe =>.Microsoft Corporation
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] -- WTA-4eac5f9e-33cb-48f5-bf50-7082a2214ff3
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] -- WTA-0d35afb2-fd0b-48e6-91f3-1421859673ac
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {A5107464-AA9B-4177-8129-5FF2F42DD322}
O42 - Logiciel: Ranch Rush 2 - Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-3b956706-414a-427a-b545-4ac94ad99a1c
O42 - Logiciel: Realtek Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F0A8BF4A-972F-41E0-9800-1EFE3BF28266}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SW-Sustainer 1.80 - (.Certified Publisher.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27} =>PUP.SafeWeb
O42 - Logiciel: Software Update Helper - (.Boxore OU..) [HKLM][64Bits] -- {006E6A46-8D55-4F10-BBA8-2C9653B4278B} =>Adware.Boxore
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] -- SynTPDeinstKey
O42 - Logiciel: Trinklit Supreme - (.WildTangent.) [HKLM][64Bits] -- WTA-9cd91b6b-19ac-4723-a1c9-0c8dec0e1c0e
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM][64Bits] -- {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
O42 - Logiciel: Vacation Quest(TM) - Australia - (.WildTangent.) [HKLM][64Bits] -- WTA-9b1b639f-3762-47cc-9c36-5d2e35040d4d
O42 - Logiciel: Virtual Families - (.WildTangent.) [HKLM][64Bits] -- WTA-d86f6409-6926-4cb1-a6f7-6cf823fd6790
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: Wedding Dash - (.WildTangent.) [HKLM][64Bits] -- WTA-ec94ce70-d22f-41dc-a0c1-f667c0881864
O42 - Logiciel: WildTangent Games App (HP Games) - (.WildTangent.) [HKLM][64Bits] -- {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
O42 - Logiciel: Youda Jewel Shop - (.WildTangent.) [HKLM][64Bits] -- WTA-428c9521-9fd9-49ae-a121-f2ddd2a16d8e
O42 - Logiciel: Zuma's Revenge - (.WildTangent.) [HKLM][64Bits] -- WTA-99026cfc-1268-4b13-a543-e8d9f434036c
O42 - Logiciel: avast! Free Antivirus v9.0.2021 - (.AVAST Software.) [HKLM][64Bits] -- Avast
O42 - Logiciel: buenosearch toolbar - (.Montiera technologies LTD.) [HKLM][64Bits] -- buenosearch =>PUP.BuenoSearch
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
O42 - Logiciel: sysTPL - (.Tlapia.) [HKLM][64Bits] -- {4B74BC31-B353-4B8F-8CBE-DAB4FF326FF1}
~ Logic: 64 Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\7-Zip]
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\AVAST Software]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Classes]
[HKCU\Software\CyberLink]
[HKCU\Software\Facebook]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\Intel]
[HKCU\Software\Lake]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\Mine]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Norton]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SkypeRS]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Wajam] =>PUP.Wajam
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\buenosearch LTD] =>PUP.BuenoSearch
[HKCU\Software\globalUpdate]
[HKCU\Software\skype]
[HKCU\Software\sysTPL]
[HKCU\Software\systweak]
[HKLM\Software\7-Zip]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Apple Inc.]
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Caphyon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\GlobalUpdate]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\Hewlett-Packard]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Insyde]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Lake]
[HKLM\Software\Wow6432Node\Licenses]
[HKLM\Software\Wow6432Node\LogMeInRescueCallingCard]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\Nuance]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\RtWLan]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\WildTangent]
[HKLM\Software\Wow6432Node\buenosearch LTD] =>PUP.BuenoSearch
[HKLM\Software\Wow6432Node\fst]
[HKLM\Software\Wow6432Node\systweak]
[HKLM\Software\Wow6432Node]
~ Key Software: 249 Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/10/2013 - 21:27:39 - [] ----D C:\Program Files (x86)\Bonjour
O43 - CFD: 21/06/2014 - 17:23:35 - [] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 04/06/2014 - 13:15:35 - [] ----D C:\Program Files (x86)\buenosearch LTD =>PUP.BuenoSearch
O43 - CFD: 24/04/2014 - 20:07:32 - [] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 04/06/2014 - 17:02:29 - [] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 13/02/2014 - 14:45:12 - [] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 26/06/2014 - 13:58:39 - [] ----D C:\Program Files (x86)\EZDownloader
O43 - CFD: 18/04/2014 - 18:52:30 - [] ----D C:\Program Files (x86)\Farming Simulator 2013
O43 - CFD: 05/06/2014 - 13:18:07 - [] ----D C:\Program Files (x86)\globalUpdate
O43 - CFD: 24/04/2014 - 18:56:59 - [] ----D C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 23/07/2013 - 21:51:41 - [] ----D C:\Program Files (x86)\HPConnectedMusic
O43 - CFD: 04/06/2014 - 16:49:21 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 08/10/2013 - 21:54:35 - [] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 08/10/2013 - 21:25:55 - [] ----D C:\Program Files (x86)\Intel
O43 - CFD: 10/07/2014 - 21:32:59 - [] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 23/07/2013 - 21:43:17 - [] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 26/07/2014 - 12:42:36 - [] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 23/07/2013 - 21:47:38 - [] ----D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation
O43 - CFD: 23/07/2013 - 21:48:29 - [] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 27/04/2014 - 21:04:17 - [] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 04/06/2014 - 13:13:28 - [] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 04/08/2012 - 00:37:58 - [] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 10/12/2013 - 12:11:33 - [] R---D C:\Program Files (x86)\Online Services
O43 - CFD: 04/06/2014 - 16:50:05 - [0] ----D C:\Program Files (x86)\predm
O43 - CFD: 24/04/2014 - 20:06:50 - [] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 04/08/2012 - 00:37:58 - [] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 04/06/2014 - 13:12:38 - [] ----D C:\Program Files (x86)\Software
O43 - CFD: 25/07/2014 - 13:04:12 - [0] ----D C:\Program Files (x86)\SW-Booster =>PUP.SafeWeb
O43 - CFD: 08/10/2013 - 21:58:04 - [] ----D C:\Program Files (x86)\SymSilent
O43 - CFD: 29/04/2014 - 20:44:55 - [] ----D C:\Program Files (x86)\sysTPL
O43 - CFD: 08/10/2013 - 21:23:09 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 04/06/2014 - 13:16:28 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 23/07/2013 - 22:01:30 - [] ----D C:\Program Files (x86)\WildGames
O43 - CFD: 23/07/2013 - 22:02:05 - [] ----D C:\Program Files (x86)\WildTangent Games
O43 - CFD: 01/06/2014 - 22:07:24 - [] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 23/07/2013 - 21:48:27 - [] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 06/02/2014 - 14:55:47 - [] ----D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 06/02/2014 - 14:55:47 - [] ----D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 26/07/2012 - 10:13:01 - [] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26/07/2012 - 10:12:59 - [] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 06/02/2014 - 14:55:46 - [] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26/07/2012 - 10:13:01 - [] ----D C:\Program Files (x86)\Windows Portable Devices
You must have installed some potentially unwanted programs.
To avoid this kind of problem:
- Do not download any program offered in advertisements or on suspicious sites. Note that some well-known sites such as Softronic, Tuto4PC, etc. sometimes modify the programs they offer for download to add adware ==> Always prefer downloading directly from the publisher's site.
- While installing a free program, read carefully and uncheck all the additional programs that are offered, especially toolbars.
For your information, read these articles on Potentially Unwanted Programs and Toolbars; this is not mandatory.
* Download this easy-to-use tool
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
* If there is a problem with the first link, get it here https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/
* Run it (under Vista/Seven/8, right-click it and choose Run as administrator); if you are on XP, double-click it
* Click Scan
* Post the scan report C:\Adwcleaner[R]
* Note: the scan report is also saved as C:\Adwcleaner[R1]
* Host the report on cjoint
* For help: https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
No internet connection because of the proxy: code ERR PROXY CONNECTION FAILED
I have an HP Pavilion with Windows 8
Here is the RogueKiller report:
What should I do???
Regards
* Under Vista/Seven, right-click -> Run as administrator
* Otherwise simply run RogueKiller.exe
* Wait during the pre-scan, then click Scan
* Check that all items are ticked, then click Suppression (Delete)
* Post the RKreport.txt report found on the desktop.