Recherche aide pour enlèver Dclogs

j'ai besoin de reboot le pc avant de faire ca? car ayant fait le scan de malwarebytes ...

j'ai reboot , comme ca le dclog revient ( normalement) je fais actuellement le scan sur ZHPDiag

Poste moi le rapport de Malwaresbytes;merci

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/11/2014
Scan Time: 07:31:40
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.02.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: rodrigo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339885
Time Elapsed: 13 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-1940165818-1852188719-4095088488-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [a654999d99e3ba7ca2e4aa5a1ee68b75],

Registry Values: 1
Hijack.Shell.Gen, HKU\S-1-5-21-1940165818-1852188719-4095088488-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell, explorer.exe,C:\Users\rodrigo\AppData\Roaming\msscfg\msscfg.exe, Quarantined, [6e8c7abc5a228da9e2d4ad55c242748c]

Registry Data: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\rodrigo\AppData\Roaming\dclogs, Quarantined, [6d8de353bac269cdfe3547ec966e51af],

Files: 1
Stolen.Data, C:\Users\rodrigo\AppData\Roaming\dclogs\2014-11-02-1.dc, Quarantined, [6d8de353bac269cdfe3547ec966e51af],

Physical Sectors: 0
(No malicious items detected)


(end)

voici le rapport ZHPDiag : https://pjjoint.malekal.com/files.php?id=ZHPDiag_20141102_t6e8p10l11x14

https://www.virustotal.com/gui/file/916b82b0db49b82b92b622813a08e2e176690586d885d31a6950689943e0bb17

ce lien ci?

oui justement je stop de télécharger des cracks ou autres jeux sur le net maintenant...

le rapport :

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by rodrigo at 02/11/2014 15:38:11
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 03s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Clés du Registre ==========
SUPPRIMÉ: HKCU\Software\DC3_FEXEC
SUPPRIMÉ: HKLM\Software\Wow6432Node\Better Surf Plus
SUPPRIMÉ: HKLM\Software\Wow6432Node\Better-Surf
SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B1881C3-A40C-4DF3-BFD2-CCD2FEDD7D83}
SUPPRIMÉ:* HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
SUPPRIMÉ:* HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
SUPPRIMÉ: CLSID BHO: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}
SUPPRIMÉ: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
SUPPRIMÉ: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
SUPPRIMÉ:* HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
SUPPRIMÉ:* StartupReg: msscfg

========== Valeurs du Registre ==========
SUPPRIMÉ: Toolbar: {EF79F67A-6AD7-4715-A0F8-932FCA442023}
SUPPRIMÉ RunValue: msscfg
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (None) : {81425942-B415-40E7-8161-CF468411A763}

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichiers ==========
SUPPRIMÉ: c:\program files (x86)\iobit\iobit malware fighter\adsremoval\ie\adblock.dll
SUPPRIMÉ Redémarrage: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-1940165818-1852188719-4095088488-1000core
SUPPRIMÉ Redémarrage: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-1940165818-1852188719-4095088488-1000ua
SUPPRIMÉ Redémarrage: c:\users\rodrigo\appdata\roaming\msscfg\msscfg.exe
SUPPRIMÉS Temporaires Windows (75) (51 260 503 octets)

========== Tache planifiée ==========
SUPPRIMÉ: OptimizerPro1UpdaterTask{1B191176-1AC1-416A-AF67-6E89F492B445}
SUPPRIMÉ: {64AC7A91-73A5-42B0-BCCC-72A2DAAB4D0B}
SUPPRIMÉ: {7681C24C-4895-40CF-A78E-C2D440BC4FAE}
SUPPRIMÉ: {81BA8D14-154A-4197-92B0-B38B303EB5BC}
SUPPRIMÉ: {C199F7D0-4862-41E9-92C5-69F072FA1A2B}


========== Récapitulatif ==========
11 : Clés du Registre
5 : Valeurs du Registre
1 : Dossiers
5 : Fichiers
5 : Tache planifiée


End of clean in 00mn 25s

========== Chemin de fichier rapport ==========
C:\Users\rodrigo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/11/2014 15:38:14 [2573]

dois-je changer aussi les mot de passes de jeux que j'utilise ( style ceux de battle.net , steam) ?
je suis entrain de faire le rapport de ZHPDiag

Tous les mots de passe que tu utilises sur ce PC

voici le rapport de ZHPDiag ,

~ Rapport de ZHPDiag v2014.11.2.154 - Nicolas Coolman (28/10/2014)
~ Lancé par rodrigo (02/11/2014 15:50:09)
~ Adresse du Site Web https://nicolascoolman.eu
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 30.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 32W74
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.3.1025
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.15

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI
Java 7 Update 17 (64-bit)

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6134 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 473 GB (34%) free of 1387 GB

---\\ Mode de connexion au système
~ Computer Name: RODRIGO-PC
~ User Name: rodrigo
~ All Users Names: rodrigo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\rodrigo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\rodrigo\AppData\Roaming\
~ %Desktop% : C:\Users\rodrigo\Desktop\
~ %Favorites% : C:\Users\rodrigo\Favorites\
~ %LocalAppData% : C:\Users\rodrigo\AppData\Local\
~ %StartMenu% : C:\Users\rodrigo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 473 Go of 1387 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Free 0 Go of 3 Go)
F: Hard drive, Flash drive, Thumb drive (Free 3 Go of 10 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.3AC8E863526FE25FEAFC90317EB236AD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/10/2014 - 23:53:53.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/10/2014 - 23:52:14.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1640
~ Mes musiques (My Musics) : 1/71
~ Mes Videos (My Videos) : 1/37
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/1973
~ Mon Bureau (My Desktop) : 1/5338
~ Menu demarrer (Programs) : 1/67
~ Hidden Files: Scanned in 00mn 08s



---\\ Processus lancés
[MD5.69265BC7D6B30C7AAAFA45D411039455] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [785696] [PID.2240]
[MD5.4F011F572DAC7057DF9D6E9064AA77E8] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488] [PID.3260]
[MD5.9C350E8F337DDB4BA17E92BBE14B8FAB] - (.Alienware Corporation - Alienware AlienFX Controller.) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [58696] [PID.3300]
[MD5.EEEE8140E6B06EEA12117597A19221B7] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2386720] [PID.3512]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.3336]
[MD5.D88B2D487439305A2EC308A6796C3044] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3524]
[MD5.14D6542607ACD4B2D1DDB1A36E0D8813] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744] [PID.1124]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.4524]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.4580]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.4612]
[MD5.66A4A7C7802E0968E07647999FFC87E2] - (.Google Inc. - Google Chrome.) -- C:\Users\rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe [854344] [PID.3868]
[MD5.AFB59FE22EA9C805919E5B6E87CCA774] - (.Alienware - AlienFXHook32 Manager.) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe [13624] [PID.4824]
[MD5.058F2D06C66B49E7FEC21587222732ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8118272] [PID.4492]
[MD5.3FD909ED46EC85442820ECB6DB9A897D] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [410952] [PID.952]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1760]
[MD5.608D6A90E989C6522F170E5526A64BF4] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1844]
[MD5.1F79342D9EB530A48742F651E570983A] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176] [PID.1912]
[MD5.E4938E0A376CF0B9D989EE5C0A146891] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520] [PID.1944]
[MD5.507E699BD36530491BA0F95251B22F06] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912] [PID.1060]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\rodrigo\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 13s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\rodrigo\AppData\Roaming\Mozilla\Firefox\Profiles\dwool5ns.default\prefs.js
M0 - MFSP: prefs.js [rodrigo - dwool5ns.default] http://www.golsearch.com
M2 - MFEP: prefs.js [rodrigo - dwool5ns.default\adremoveext@adremoveext.net] [] Ads Removal v1.0.0 (..)
M2 - MFEP: prefs.js [rodrigo - dwool5ns.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com
~ IE Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [rodrigo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rodrigo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [rodrigo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\rodrigo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AlienFX Controller] . (.Alienware Corporation - Alienware AlienFX Controller.) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [Thermal Controller] . (.Alienware Corp. - ThermalController.) -- C:\Program Files\Alienware\Command Center\ThermalController.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rodrigo\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [msscfg] C:\Users\rodrigo\AppData\Roaming\msscfg\msscfg.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rodrigo\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rodrigo\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1940165818-1852188719-4095088488-1000\..\Run: [msscfg] C:\Users\rodrigo\AppData\Roaming\msscfg\msscfg.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B4D0A8D-7A28-403A-B453-D39A50897493}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{80C21BBA-B500-4058-BD02-E4575916B9D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{95FE283C-69EF-4F54-9424-FC918A61F1BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{966DCC73-A083-4E1F-A65B-FBACEE86E82C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB60DACE-8411-4BA5-A2A8-15070994B634}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D72A72BB-9765-4A3C-8EF6-93D94D64C7F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC58C82A-EF3C-46F9-A66A-D361EE7CFB1B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF24FD79-FD47-450A-9DFE-2D5CAF8D1783}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B4D0A8D-7A28-403A-B453-D39A50897493}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80C21BBA-B500-4058-BD02-E4575916B9D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{95FE283C-69EF-4F54-9424-FC918A61F1BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{966DCC73-A083-4E1F-A65B-FBACEE86E82C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BB60DACE-8411-4BA5-A2A8-15070994B634}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D72A72BB-9765-4A3C-8EF6-93D94D64C7F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DC58C82A-EF3C-46F9-A66A-D361EE7CFB1B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF24FD79-FD47-450A-9DFE-2D5CAF8D1783}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B4D0A8D-7A28-403A-B453-D39A50897493}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80C21BBA-B500-4058-BD02-E4575916B9D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{95FE283C-69EF-4F54-9424-FC918A61F1BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{966DCC73-A083-4E1F-A65B-FBACEE86E82C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BB60DACE-8411-4BA5-A2A8-15070994B634}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D72A72BB-9765-4A3C-8EF6-93D94D64C7F5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DC58C82A-EF3C-46F9-A66A-D361EE7CFB1B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DF24FD79-FD47-450A-9DFE-2D5CAF8D1783}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems - Citrix Online GoToAssist Corporate.) -- C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{046A5A34-9D0B-435C-AF19-BCE5E452B915}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{0738CB7A-716C-4723-9760-1DBFDF485A94}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{33035D2F-7F76-4386-91E4-D992BF1C5804}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{421997EA-448A-45E3-B852-A4C73EE8C19B}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{556EA2D5-048C-4B21-AEBD-B405B1F7FEA1}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{6ACA731F-D696-449D-BAF6-39CE2C438699}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{83C2F98F-7D69-4C3C-B70F-87F08E868408}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{8FA3D985-ACB8-456D-BCA5-FC9F1B7CCE57}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{9AA282FD-38D2-4C0B-95BA-A56A662334BA}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{C57515EA-5E18-412C-ADF3-F2B24FAD8A8A}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{C753373C-34CF-499F-B98F-5AF89227CA63}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{CC17A894-D52A-478E-AD2D-92F17BB72A7C}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{E0904AAA-C01A-433B-808F-41A77B07A599}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
[MD5.B240ED07816893746CE7CDDD95C166BF] [APT] [{E1F5B509-BE87-4E8D-95FA-61C128EC1B51}] (...) -- C:\Riot Games\League of Legends\lol.launcher.exe [97856]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1940165818-1852188719-4095088488-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1940165818-1852188719-4095088488-1000UA [936]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1940165818-1852188719-4095088488-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1940165818-1852188719-4095088488-1000UA [1086]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Astebreed version 1.0 - (.Edelweiss.) [HKLM][64Bits] -- {E3848ADA-B107-47E2-816C-C84A51E333CF}_is1
O42 - Logiciel: Broforce - (.Free Lives.) [HKLM][64Bits] -- Steam App 274190
O42 - Logiciel: Castle Story - (.Sauropod Studio.) [HKLM][64Bits] -- Steam App 227860
O42 - Logiciel: Circuits - (.Digital Tentacle.) [HKLM][64Bits] -- Steam App 282760
O42 - Logiciel: Craft The World - (...) [HKLM][64Bits] -- Steam App 248390
O42 - Logiciel: Crawl - (.Powerhoof.) [HKLM][64Bits] -- Steam App 293780
O42 - Logiciel: Crypt of the NecroDancer - (.Brace Yourself Games.) [HKLM][64Bits] -- Steam App 247080
O42 - Logiciel: Deadly 30 - (.Ignatus Zuk and Gonzalo Villagomez.) [HKLM][64Bits] -- Steam App 264730
O42 - Logiciel: Evolve - (.Turtle Rock Studios.) [HKLM][64Bits] -- Steam App 273350
O42 - Logiciel: FaceRig - (.Holotech Studios.) [HKLM][64Bits] -- Steam App 274920
O42 - Logiciel: Godus - (...) [HKLM][64Bits] -- Steam App 232810
O42 - Logiciel: Hammerwatch - (...) [HKLM][64Bits] -- Steam App 239070
O42 - Logiciel: Handy Updater - (...) [HKLM][64Bits] -- HandyUpdater
O42 - Logiciel: How to Survive - (...) [HKLM][64Bits] -- Steam App 250400
O42 - Logiciel: Ingato Client - (.Ingato LTD.) [HKLM][64Bits] -- Ingato Client 1.68
O42 - Logiciel: Kingdom Rush - (...) [HKLM][64Bits] -- S2luZ2RvbVJ1c2g=_is1
O42 - Logiciel: MechWarrior Online - (.Piranha Games Inc..) [HKLM][64Bits] -- {1B2EC53E-FB7C-40E7-A4E8-504171771FC0}
O42 - Logiciel: MechWarrior Online - (.Piranha Games Inc..) [HKLM][64Bits] -- {73bcb521-8936-42d7-ad00-ec2bb399e26c}
O42 - Logiciel: No More Room in Hell - (.No More Room in Hell Team.) [HKLM][64Bits] -- Steam App 224260
O42 - Logiciel: Over 9000 Zombies! - (.Loren Lemcke.) [HKLM][64Bits] -- Steam App 273500
O42 - Logiciel: Pixel Piracy - (.Vitali Kirpu.) [HKLM][64Bits] -- Steam App 264140
O42 - Logiciel: Receiver - (.Wolfire Games.) [HKLM][64Bits] -- Steam App 234190
O42 - Logiciel: Risk of Rain - (...) [HKLM][64Bits] -- Steam App 248820
O42 - Logiciel: Savant - Ascent - (.DPad Studios.) [HKLM][64Bits] -- Steam App 259530
O42 - Logiciel: Streamtip Alerter - (.NightDev, LLC.) [HKLM][64Bits] -- {946E75BA-B3DA-470C-80EC-66AE17107334}_is1
O42 - Logiciel: The Bridge - (...) [HKLM][64Bits] -- The Bridge_is1
O42 - Logiciel: The Bureau: XCOM Declassified - (.2K Marin.) [HKLM][64Bits] -- Steam App 65930
O42 - Logiciel: The Escapists - (.Mouldy Toof Studios.) [HKLM][64Bits] -- Steam App 298630
O42 - Logiciel: The Expendabros - (.Free Lives.) [HKLM][64Bits] -- Steam App 312990
O42 - Logiciel: The Stomping Land - (.SuperCrit.) [HKLM][64Bits] -- Steam App 263440
O42 - Logiciel: Tower Wars - (.SuperVillain Studios.) [HKLM][64Bits] -- Steam App 214360
O42 - Logiciel: Valiant Hearts: The Great War - (...) [HKLM][64Bits] -- VmFsaWFudEhlYXJ0c1RoZUdyZWF0V2Fy_is1
~ Logic: 23 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Demiurge Studios]
[HKCU\Software\Digital Tentacle S.L.]
[HKCU\Software\EightyEightGames]
[HKCU\Software\Failbetter Games]
[HKCU\Software\Games Foundry]
[HKCU\Software\Holotech]
[HKCU\Software\Ironhide Game Studio]
[HKCU\Software\Piranha Games]
[HKCU\Software\Powerhoof]
[HKCU\Software\SmashGames]
[HKCU\Software\VITALI KIRPU & QUADRO DELTA]
[HKCU\Software\[pec]]
[HKLM\Software\Wow6432Node\8s1oB8xlLV1EB1wB]
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\Holotech]
[HKLM\Software\Wow6432Node\Ingato LTD]
[HKLM\Software\Wow6432Node\PSXMC_FAMILY]
~ Key Software: 688 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/08/2014 - 15:32:31 - [] ----D C:\Program Files (x86)\505 Games
O43 - CFD: 30/10/2014 - 07:54:04 - [0] ----D C:\Program Files (x86)\A Wizards Lizard
O43 - CFD: 12/08/2014 - 15:35:23 - [] ----D C:\Program Files (x86)\Astebreed
O43 - CFD: 07/09/2014 - 00:06:31 - [] ----D C:\Program Files (x86)\HandyUpdater
O43 - CFD: 23/09/2014 - 08:53:37 - [] ----D C:\Program Files (x86)\Ingato LTD
O43 - CFD: 12/08/2014 - 15:41:21 - [] ----D C:\Program Files (x86)\Jumi
O43 - CFD: 12/08/2014 - 15:41:21 - [] ----D C:\Program Files (x86)\Kingdom Rush
O43 - CFD: 12/08/2014 - 15:41:27 - [] ----D C:\Program Files (x86)\MAQL
O43 - CFD: 12/08/2014 - 15:42:25 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 12/08/2014 - 15:42:28 - [] ----D C:\Program Files (x86)\Piranha Games
O43 - CFD: 12/08/2014 - 15:42:51 - [] ----D C:\Program Files (x86)\S.W.A.T. 4
O43 - CFD: 12/08/2014 - 15:42:56 - [] ----D C:\Program Files (x86)\Santas Rampage
O43 - CFD: 21/10/2014 - 03:02:35 - [] ----D C:\Program Files (x86)\Streamtip Alerter
O43 - CFD: 12/08/2014 - 16:13:52 - [] ----D C:\Program Files (x86)\The Bridge
O43 - CFD: 27/10/2014 - 13:22:38 - [] ----D C:\Program Files (x86)\The Legend of Korra
O43 - CFD: 12/08/2014 - 16:14:41 - [] ----D C:\Program Files (x86)\Valiant Hearts The Great War
O43 - CFD: 12/08/2014 - 16:15:11 - [] ----D C:\ProgramData\Arbuz
O43 - CFD: 12/08/2014 - 16:15:37 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 12/08/2014 - 16:15:39 - [] ----D C:\ProgramData\WaLMaRT
O43 - CFD: 14/10/2014 - 23:33:52 - [] ----D C:\Users\rodrigo\AppData\Roaming\capy
O43 - CFD: 12/08/2014 - 16:28:16 - [] ----D C:\Users\rodrigo\AppData\Roaming\grapefrukt games
O43 - CFD: 23/09/2014 - 08:53:22 - [] ----D C:\Users\rodrigo\AppData\Roaming\Ingato LTD
O43 - CFD: 05/08/2014 - 23:07:31 - [0] ----D C:\Users\rodrigo\AppData\Roaming\InstallDir
O43 - CFD: 14/07/2013 - 01:46:24 - [0] ----D C:\Users\rodrigo\AppData\Roaming\IonFx
O43 - CFD: 02/11/2014 - 15:40:02 - [0] ----D C:\Users\rodrigo\AppData\Roaming\msscfg
O43 - CFD: 12/08/2014 - 16:29:16 - [] ----D C:\Users\rodrigo\AppData\Roaming\ProductData
O43 - CFD: 12/08/2014 - 16:29:49 - [] ----D C:\Users\rodrigo\AppData\Roaming\StunlockStudios
O43 - CFD: 12/08/2014 - 16:25:06 - [] ----D C:\Users\rodrigo\AppData\Local\A Wizard's Lizard
O43 - CFD: 12/08/2014 - 16:25:19 - [] ----D C:\Users\rodrigo\AppData\Local\Coin
O43 - CFD: 12/08/2014 - 16:25:19 - [] ----D C:\Users\rodrigo\AppData\Local\Demiurge Studios
O43 - CFD: 23/09/2014 - 08:57:51 - [] ----D C:\Users\rodrigo\AppData\Local\Ingato
O43 - CFD: 23/09/2014 - 08:54:07 - [] ----D C:\Users\rodrigo\AppData\Local\Ingato_Client
O43 - CFD: 12/08/2014 - 16:26:23 - [] ----D C:\Users\rodrigo\AppData\Local\nuclearthrone
O43 - CFD: 12/08/2014 - 16:26:33 - [] ----D C:\Users\rodrigo\AppData\Local\Savant_Ascent
O43 - CFD: 12/08/2014 - 16:26:46 - [] ----D C:\Users\rodrigo\AppData\Local\storage
O43 - CFD: 12/08/2014 - 16:26:46 - [] ----D C:\Users\rodrigo\AppData\Local\StreamPrivacy
O43 - CFD: 21/10/2014 - 03:59:06 - [] ----D C:\Users\rodrigo\AppData\Local\streamtip-alerter
O43 - CFD: 12/08/2014 - 16:28:32 - [] ----D C:\Users\rodrigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jumi
~ Program Folder: 430 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/11/2014 - 15:40:13 ---A- . (...) -- C:\Windows\System32\Drivers\lvuvc.hs [0]
O44 - LFC:[MD5.B6E08BA45A05CB0447999D65C30B47E9] - 27/10/2014 - 09:44:25 ----- . (...) -- C:\Windows\hpwmdl27.dat [385]
O44 - LFC:[MD5.AB163E809D7D934A2425F8C5982C5711] - 27/10/2014 - 09:50:54 ---A- . (...) -- C:\Windows\win.ini [492]
O44 - LFC:[MD5.F1FCB29E85A642E7BFA75AF6E0A3E5CA] - 27/10/2014 - 09:50:59 ---A- . (...) -- C:\Windows\hpwins27.dat [198914]
O44 - LFC:[MD5.F817713E1A6670BCB1D52717D3FA1267] - 28/10/2014 - 03:13:04 ---A- . (...) -- C:\PhysicalMBR.bin [512]
~ Files: 36 Legitimates Filtered in 00mn 01s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{6be083a1-4900-11e1-a43e-00d041a6ed24}\AutoRun\command. (.Activision - The Legend of Korra Setup.) -- E:\setup.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SteelSeries Engine [Key] . (.Pas de propriétaire - SteelSeries Engine.) -- c:\program files\steelseries\steelseries engine\steelseriesengine.exe
~ SMSR Keys: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:26/06/2012 - 14:14:12 ---A- . (.Pas de propriétaire - Alienware Optical Drive Filter Driver.) -- C:\Windows\System32\Drivers\AWOPFilterDriver.sys [19464]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/05/2014 - 14:21:18 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35440]
O58 - SDL:28/07/2014 - 15:06:24 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [49264]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:28/07/2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 67 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/10/2014 - 15:50:58 ---A- . (...) -- C:\Users\rodrigo\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.111\38.0.2125.111_38.0.2125.104_chrome_updater.exe [895568]
O61 - LFC: 27/10/2014 - 15:51:07 ---A- . (...) -- C:\Users\rodrigo\Desktop\Programmes\OJ4500vG510a-f_Full_13.exe [315074928]
O61 - LFC: 28/10/2014 - 15:51:07 ---A- . (...) -- C:\Users\rodrigo\Desktop\adwcleaner_4.002.exe [1998336]
~ 16 Fichiers temporaires (Temporary files)
~ 3631 Fichiers cookies (Cookies files)
~ Files: 14 Legitimates Filtered in 00mn 10s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTL - (.OldTimer.)
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\rodrigo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {CFFF915F-E5A3-47F9-B8F4-365BA344B65C} - (Yahoo! Search) - https://ch.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_cef_win32.zip.vz.c76e53d9429d9869efb0b76c4994e03a7d44d24d_6982586 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_codecs_win32.zip.vz.06cccf89664fc93437f3f508875f77a54fced4ee_3049124 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_misc_win32.zip.vz.b25a31e4c1a70ee9593ffc393bfb09c18a0e19cc_6675837 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_win32.zip.vz.796e5ea24bb84e549afbab3f164d7dd2f46f4127_12441948 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\gamesforwindows_win32.zip.vz.ca62115a2ffa00b856dbddb3aac3c67a12e032a2_1216660 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\public_all.zip.vz.ef937fd5e5eac6fbc9dbd76ff5d8ec1caa2c6eee_600257 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\remoteui_all.zip.vz.9ffbcb2095d8a5bd8d63ec668e25431d0645c53a_143117 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\resources_all.zip.vz.9809ed5a0d5ad516eab50d3468bffc46a807fa33_2740892 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\resources_misc_all.zip.vz.ac4ad0df6d6c67597d1430c34579dd22579ba897_3651556 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\steam_win32.zip.vz.d04f24268c579704db41b89d0f5f61edc8d19961_691666 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\strings_all.zip.vz.6f85a9a05566b3788d5a874786011dfb860f74e6_1742367 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\strings_en_all.zip.df164767483b87938ae0ff9b6732a5f5be280f46 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_all.zip.vz.c7936176079ec6cb4983f84ad0fdd5b4da225380_859716 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_ambientsounds_all.zip.888b796633f8a81789aeb026bc1aa3292d04f989 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_dicts_all.zip.c31ed9aaeb4a023fcbc8a26a4133ef8a6e9aae29 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_fonts_all.zip.7c5db178f5ebe8b1bb02aca53939040358a56342 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_images_all.zip.vz.6e84bf2674e8e42245bb79445a96bbff4028382c_9320899 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_misc_all.zip.b2edde04f992497dc6866f65bb881b84cce49c89 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_sounds_all.zip.vz.513680104410158b10b2b94d4ef23c83e17b7c63_1224523 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\streaming_client.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\AVS.Video.Converter.v8.1.1.509.Cracked-F4CG\AVSVideoConverter.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\AVS.Video.Converter.v8.1.1.509.Cracked-F4CG\setup.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe Photoshop CS5 Extended\Keygen.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe Photoshop CS5 Extended1\Keygen.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Keygen\keygen.exe =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_cef_win32.zip.vz.c76e53d9429d9869efb0b76c4994e03a7d44d24d_6982586 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_codecs_win32.zip.vz.06cccf89664fc93437f3f508875f77a54fced4ee_3049124 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_misc_win32.zip.vz.b25a31e4c1a70ee9593ffc393bfb09c18a0e19cc_6675837 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\bins_win32.zip.vz.796e5ea24bb84e549afbab3f164d7dd2f46f4127_12441948 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\gamesforwindows_win32.zip.vz.ca62115a2ffa00b856dbddb3aac3c67a12e032a2_1216660 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\public_all.zip.vz.ef937fd5e5eac6fbc9dbd76ff5d8ec1caa2c6eee_600257 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\remoteui_all.zip.vz.9ffbcb2095d8a5bd8d63ec668e25431d0645c53a_143117 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\resources_all.zip.vz.9809ed5a0d5ad516eab50d3468bffc46a807fa33_2740892 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\resources_misc_all.zip.vz.ac4ad0df6d6c67597d1430c34579dd22579ba897_3651556 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\steam_win32.zip.vz.d04f24268c579704db41b89d0f5f61edc8d19961_691666 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\strings_all.zip.vz.6f85a9a05566b3788d5a874786011dfb860f74e6_1742367 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\strings_en_all.zip.df164767483b87938ae0ff9b6732a5f5be280f46 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_all.zip.vz.c7936176079ec6cb4983f84ad0fdd5b4da225380_859716 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_ambientsounds_all.zip.888b796633f8a81789aeb026bc1aa3292d04f989 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_dicts_all.zip.c31ed9aaeb4a023fcbc8a26a4133ef8a6e9aae29 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_fonts_all.zip.7c5db178f5ebe8b1bb02aca53939040358a56342 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_images_all.zip.vz.6e84bf2674e8e42245bb79445a96bbff4028382c_9320899 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_misc_all.zip.b2edde04f992497dc6866f65bb881b84cce49c89 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\package\tenfoot_sounds_all.zip.vz.513680104410158b10b2b94d4ef23c83e17b7c63_1224523 =>.Crack,Keygen
C:\Users\rodrigo\AppData\Roaming\ZHP\Quarantine\Cracked Steam.DIR\streaming_client.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\AVS.Video.Converter.v8.1.1.509.Cracked-F4CG\AVSVideoConverter.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\AVS.Video.Converter.v8.1.1.509.Cracked-F4CG\setup.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe Photoshop CS5 Extended\Keygen.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe Photoshop CS5 Extended1\Keygen.exe =>.Crack,Keygen
C:\Users\rodrigo\Desktop\Programmes\WINDOWS 7 PROGRAM\ADOBE\Adobe.Photoshop.CS5.Extended.v12.Keygen.Only.EMBRACE-Deantjah\Keygen\keygen.exe =>.Crack,Keygen
~ Files: Scanned in 04mn 32s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F70FACA6CD9085B380F0F5544E14735D] [SPRF][04/07/2014] (...) -- C:\Users\rodrigo\AppData\Roaming\7-Zip Self extracting archive.exe [657408]
[MD5.FF33D8CDF04B1D15F3808D49406BEA43] [SPRF][28/10/2014] (.Pas de propriétaire - Aut2Exe.) -- C:\Users\rodrigo\Desktop\adwcleaner_4.002.exe [1998336]
~ Files: 11 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{AAD898CC-3832-4AB0-8608-679938F260D5}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\rodrigo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A22A548D-67D3-4080-A1AE-3BD3CE1D9CBB}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\rodrigo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{7FFEDC0D-F675-47B7-81EB-66E5CABF8AD0}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{93DA8CC3-54C9-4191-A05C-FC1464A4A3C4}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 28/10/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SS - | Disabled 03/09/2009 14648 | (AlienFusionService) . (.Alienware.) - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
SS - | Disabled 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 26/06/2012 13160 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
SS - | Disabled 03/02/2014 9216 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
SS - | Disabled 15/05/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SS - | Disabled 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Disabled 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 27/07/2009 62464 | (SiHbaWakeupService) . (...) - C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
SS - | Disabled 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/09/2014 1148744 | (GfExperienceService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Demand 01/09/2014 640840 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/09/2014 1795912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 17/09/2014 19439944 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 16/10/2014 933064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/10/2014 410952 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by rodrigo at 02/11/2014 15:56:05
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by rodrigo at 02/11/2014 15:56:07
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/10/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 835236 Items scanned in 00mn 16s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 3 Legitimates Filtered in 00mn 00s



~ 1369 Legitimates filtered by white list
End of the scan (634 lines in 06mn 14s)(50)

voilà je viens de le supprimer et installer la nouvelle version de java. il y a autre chose a faire encore?

ainsi que vous pouvez m'aider a desinstaller le ''Cracked Steam''?

voilà j'ai eu ceci :

# DelFix v10.8 - Rapport créé le 02/11/2014 à 16:18:33
# Mis à jour le 29/07/2014 par Xplode
# Nom d'utilisateur : rodrigo - RODRIGO-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Suppression des outils de désinfection ...

Supprimé : C:\_OTL
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\rodrigo\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\rodrigo\Desktop\adwcleaner_4.002.exe
Supprimé : C:\Users\rodrigo\Desktop\login darksoul.txt
Supprimé : C:\Users\rodrigo\Desktop\OTL.exe
Supprimé : C:\Users\rodrigo\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\rodrigo\Desktop\ZHPDiag.txt
Supprimé : C:\Users\rodrigo\Desktop\ZHPDiag2.exe
Supprimé : C:\Users\rodrigo\Desktop\ZHPFix.lnk
Supprimé : C:\Users\rodrigo\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\rodrigo\Desktop\ZHPFix[R1].txt
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration système ...

Supprimé : RP #63 [Point de contrôle planifié | 10/30/2014 23:00:02]
Supprimé : RP #64 [Installed Java 7 Update 71 | 11/02/2014 06:36:42]
Supprimé : RP #65 [Removed Java 8 Update 25 | 11/02/2014 15:14:29]

Nouveau point de restauration créé !

########## - EOF - ##########

Merci beaucoup pour le temps que vous m'avez accordé :) passez une très bonne journée et dimanche!!

bonsoir, ce DClogs est revenu après que j'ai fait une analyse avec Malwarebytes à l'instant, mais pourtant je peux utiliser les ''^'' a nouveau, pouvez-vous m'aider encore? :/

le rapport :

Scan Date: 03/11/2014
Scan Time: 20:48:56
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.08
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: rodrigo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342060
Time Elapsed: 11 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Hijack.Shell.Gen, HKU\S-1-5-21-1940165818-1852188719-4095088488-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell, explorer.exe,C:\Users\rodrigo\AppData\Roaming\msscfg\msscfg.exe, Quarantined, [a4c048ef1567a393d9a418ecb450d828]

Registry Data: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\rodrigo\AppData\Roaming\dclogs, Quarantined, [7aeaf04784f896a0e11970c4e81cf20e],

Files: 1
Stolen.Data, C:\Users\rodrigo\AppData\Roaming\dclogs\2014-11-02-1.dc, Quarantined, [7aeaf04784f896a0e11970c4e81cf20e],

Physical Sectors: 0
(No malicious items detected)


(end)

Bonjour, je vous envoi le rapport ZHPDiag et merci encore de m'aider.

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20141104_e12m9j6f12r8

ça doit être mon frère qui a encore télécharge qqch -.-''' je lui ai pourtant dis de ne plus toucher cet ordi, désolé , voici le rapport :

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by rodrigo at 04/11/2014 12:19:24
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 02s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: msscfg
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichiers ==========
SUPPRIMÉS Temporaires Windows (46) (34 655 143 octets)


========== Récapitulatif ==========
3 : Valeurs du Registre
1 : Dossiers
1 : Fichiers


End of clean in 00mn 05s

========== Chemin de fichier rapport ==========
C:\Users\rodrigo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 04/11/2014 12:19:27 [846]

voici le rapport :

# DelFix v10.8 - Rapport créé le 04/11/2014 à 12:24:49
# Mis à jour le 29/07/2014 par Xplode
# Nom d'utilisateur : rodrigo - RODRIGO-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Suppression des outils de désinfection ...

Supprimé : C:\Users\rodrigo\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\rodrigo\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\rodrigo\Desktop\ZHPFix.lnk
Supprimé : C:\Users\rodrigo\Desktop\ZHPFixReport.txt
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration système ...

Supprimé : RP #66 [Fin de désinfection | 11/02/2014 15:18:47]
Supprimé : RP #67 [Driver Booster : Adobe AIR | 11/03/2014 10:21:38]
Supprimé : RP #68 [Windows Update | 11/03/2014 10:25:09]

Nouveau point de restauration créé !

########## - EOF - ##########

merci encore et passez une bonne journée =)

merci de même :-))