Help with a ZHPFix script

Closed
CantCarry Posts: 3 Registration date: Tuesday, 12 July 2016 Status: Member Last activity: 12 July 2016 - 12 July 2016 at 18:40
Malekal_morte- Posts: 180304 Registration date: Wednesday, 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 - 12 July 2016 at 18:43
Hello, after downloading a file stuffed with malware and adware, I have ended up with a HUGE number of programs and intrusive pop-ups, such as ads on the left of my screen hiding part of the open windows, or Maohai Wifi, a Chinese search browser that opens on its own even after being uninstalled (it reinstalls itself automatically), MPC Cleaner, and so on.

So I decided to do what I did two years ago, that is, use ZHPDiag and ZHPFix, and I would like to ask you which script to use in ZHPFix. Here is my report:

~ Rapport de ZHPDiag v2014.4.13.25 - Nicolas Coolman (13/04/2014)
~ Lancé par Souleyman (12/07/2016 17:30:30)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.420.10586.0
MFIE: Mozilla Firefox 43.0.1
GCIE: Google Chrome v51.0.2704.103

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 10 Home, 64-bit (Build 10586)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 8HVX7
Windows License : OK
~ Windows Remaining Initializations Number : 1001
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Bitdefender Antivirus Plus v17.26.0.1106
Malwarebytes Anti-Malware version 2.0.3.1025
McAfee Security Scan Plus v3.11.334.1

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 22 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8146 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 2 GB (1%) free of 150 GB

---\\ Mode de connexion au système
~ Computer Name: SPENZY
~ User Name: Souleyman
~ All Users Names: Souleyman, DefaultAccount, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Souleyman\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Souleyman\AppData\Roaming\
~ %Desktop% : C:\Users\Souleyman\Desktop\
~ %Favorites% : C:\Users\Souleyman\Favorites\
~ %LocalAppData% : C:\Users\Souleyman\AppData\Local\
~ %StartMenu% : C:\Users\Souleyman\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 2 Go of 150 Go)
D: Hard drive, Flash drive, Thumb drive (Free 509 Go of 759 Go)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E15BEB03592BA12C5C99E2BA46146BDD] - (.Microsoft Corporation - Explorateur Windows.) (.28/05/2016 - 06:05:38.) -- C:\Windows\Explorer.exe [4515264]
[MD5.C1C81AAF533552B3C4D9F11A5FF97700] - (.Microsoft Corporation - Application de démarrage de Windows.) (.23/04/2016 - 06:06:57.) -- C:\Windows\System32\Wininit.exe [291360]
[MD5.75CC21C976BFF286E706AA2D133EB9D4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2016 - 04:58:19.) -- C:\Windows\System32\wininet.dll [2755584]
[MD5.5C156EC4E44E30331BCC865A3B61D839] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.23/04/2016 - 05:18:01.) -- C:\Windows\System32\Winlogon.exe [585728]
[MD5.9EEAA1B69DC3FD620AE576CC8F4147DC] - (.Microsoft Corporation - Bibliothèque de licences.) (.30/10/2015 - 08:17:52.) -- C:\Windows\System32\sppcomapi.dll [430592]
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.16/12/2015 - 04:33:12.) -- C:\Windows\system32\Drivers\AFD.sys [578912]
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.30/10/2015 - 08:17:23.) -- C:\Windows\system32\Drivers\atapi.sys [28512]
[MD5.7F9C7226D743B232907ED2537B8A574F] - (.Microsoft Corporation - CD-ROM File System Driver.) (.30/10/2015 - 08:18:09.) -- C:\Windows\system32\Drivers\Cdfs.sys [92672]
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.30/10/2015 - 08:17:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [173568]
[MD5.935823F79CBEDB91637B63D37E3A5A36] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.29/03/2016 - 08:03:23.) -- C:\Windows\system32\Drivers\DfsC.sys [148480]
[MD5.84BC034B6BB763733C1949B7B9BAF976] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.30/10/2015 - 08:17:18.) -- C:\Windows\system32\Drivers\HDAudBus.sys [79872]
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - (.Microsoft Corporation - Pilote de port i8042.) (.30/10/2015 - 08:17:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [114688]
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - (.Microsoft Corporation - IP Network Address Translator.) (.30/10/2015 - 08:17:43.) -- C:\Windows\system32\Drivers\IpNat.sys [143360]
[MD5.0B3B0C1D86050355676640488FA897D3] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/02/2016 - 10:40:28.) -- C:\Windows\system32\Drivers\MRxSmb.sys [430944]
[MD5.C03E926B0E7D66D68994067231DC3246] - (.Microsoft Corporation - MBT Transport driver.) (.28/05/2016 - 05:22:37.) -- C:\Windows\system32\Drivers\netBT.sys [278528]
[MD5.19BD8A88AAC580592668B070AC0727D9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.29/03/2016 - 11:18:46.) -- C:\Windows\system32\Drivers\ntfs.sys [2152280]
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - (.Microsoft Corporation - Pilote de port parallèle.) (.30/10/2015 - 08:17:23.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.E3C82823B22463BC38AA4F8ADA852624] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.23/02/2016 - 10:01:19.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [104960]
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/10/2015 - 20:02:52.) -- C:\Windows\system32\Drivers\rdpdr.sys [173056]
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - (.Microsoft Corporation - TDI Translation Driver.) (.16/12/2015 - 04:33:12.) -- C:\Windows\system32\Drivers\tdx.sys [118624]
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.30/10/2015 - 08:17:22.) -- C:\Windows\system32\Drivers\volsnap.sys [414560]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/810
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 2/2809
~ Mon Bureau (My Desktop) : 2/445
~ Menu demarrer (Programs) : 1/59
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.8C9231025FAF86B78906B6C847531FFB] - (.ASUSTeK Computer Inc. - ASUS Routine Controller.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424] [PID.788]
[MD5.B8C2147999D50DD2146A2F6953A60ACD] - (.ASUSTeK Computer Inc. - ALU MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [555152] [PID.268]
[MD5.9ECC950EC29775344DEC0928C8FEA14C] - (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\service72564.exe [1828352] [PID.4000]
[MD5.C3EF139378171D8BB852BEB6E759B7F1] - (...) -- C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe [144384] [PID.5428]
[MD5.8F82FFC6CD0F4C83F4565E1A40332CCD] - (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896] [PID.2668]
[MD5.8B5B0EE0F788D8DFD21A62423981DC0D] - (...) -- C:\Program Files (x86)\mpck\wincom_032.exe [3622400] [PID.7052]
[MD5.CC436BB2A26391F3DEBE316F6FB0474F] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Souleyman\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008] [PID.4996]
[MD5.FC7E2535A6F2DA0988F91A6232139661] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [2851408] [PID.6800]
[MD5.854F8449EBD075DFA64E961EF9C507A6] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1553520] [PID.640]
[MD5.06A665D35244D77B7AC0F44301A3EB72] - (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\msiql.exe [1912832] [PID.7560]
[MD5.2D75851551D18878FADC21E166DEA3FA] - (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984] [PID.7776]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.7940]
[MD5.AABF93F351E17EA4D42EE028A905AF45] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824] [PID.7976]
[MD5.9DA1DA12855A1CA6BEF78185552F1DFA] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688] [PID.8008]
[MD5.E4D0FBF9A39FD29519344919885E0D3F] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [1029792] [PID.8124]
[MD5.57635D7D9F08DB05EB4FB9BC620A9EEA] - (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648] [PID.8132]
[MD5.6A07D2AD6CB81248FDBB83266257B7E7] - (...) -- C:\Program Files (x86)\win_en_77\win_en_77.exe [4046848] [PID.8188]
[MD5.95C99428602E65978A351D45A5D696EA] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe [2062928] [PID.5404]
[MD5.D9603D0D8E153694B048280730714D6F] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe [174256] [PID.1948]
[MD5.6E3C9EBC5CFC5A268350BE3EF2BBEB78] - (...) -- C:\Users\Souleyman\AppData\Roaming\RandomDelJiheReg.exe [343040] [PID.7768]
[MD5.CBAFF9A6A127C076B0F37F234BF4F6E6] - (.Adobe Systems Incorporated - Creative Cloud.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2269360] [PID.9772]
[MD5.2A46EE823391C0162C7EC193DD8AB464] - (.Pas de propriétaire - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [31401120] [PID.10132]
[MD5.24D989B1905CF86D33D8BF1E1A89896A] - (.Adobe Systems Incorporated - CCXProcess.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe [154288] [PID.10144]
[MD5.6D5DBA957D94E902F5A2C649A361D4CE] - (.Joyent, Inc - Evented I/O for V8 JavaScript.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe [5529472] [PID.8576]
[MD5.1374563E5CD597F623C3E5D055D13F94] - (.eee - eee.) -- C:\Users\Souleyman\AppData\Roaming\THREADAPP.exe [9216000] [PID.12964]
[MD5.EE904630B35505C21A8D6260761A3560] - (...) -- C:\Users\Souleyman\AppData\Roaming\adb.exe [577335] [PID.11968]
[MD5.B74CA571C9142D5FC62E5B2A6D3D3EF6] - (.UCWeb Inc. - UC浏览器.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe [1161328] [PID.13620]
[MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8212992] [PID.8808]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Souleyman\AppData\Roaming\Mozilla\Firefox\Profiles\hc6uehyc.default\prefs.js
M3 - MFPP: Plugins - [Souleyman] -- C:\Users\Souleyman\AppData\Roaming\Mozilla\Firefox\Profiles\hc6uehyc.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [Souleyman] -- C:\Users\Souleyman\AppData\Roaming\Mozilla\Firefox\Profiles\hc6uehyc.default\searchplugins\findit.xml
M3 - MFPP: Plugins - [Souleyman] -- C:\Users\Souleyman\AppData\Roaming\Mozilla\Firefox\Profiles\hc6uehyc.default\searchplugins\smod.xml
M0 - MFSP: prefs.js [Souleyman - hc6uehyc.default] http://www.zingload.com
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www-searching.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/...{searchterms}
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/...{searchterms}
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/...{searchterms}
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 50



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll =>Toolbar.Bing
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Souleyman]: .minecraft - Raccourci.lnk . (...) -- C:\Users\Souleyman\AppData\Roaming\.minecraft
O4 - GS\Desktop [Souleyman]: AutoTime.lnk . (...) -- C:\Users\Souleyman\AppData\Local\Temp\is-6TM0J.tmp\AutoTime.exe
O4 - GS\Desktop [Souleyman]: Bibliothèques - Raccourci.lnk . (...) -- C:\Users\Souleyman\AppData\Roaming\Microsoft\Windows\Libraries
O4 - GS\Desktop [Souleyman]: Easy Music Composer Free.lnk . (.MCS - Pas de description.) -- C:\Program Files\Easy Music Composer Free\emcf.exe
O4 - GS\Desktop [Souleyman]: Enregistrement de produit ASUS.lnk - Clé orpheline
O4 - GS\Desktop [Souleyman]: Minecraft.exe - Raccourci.lnk . (...) -- C:\Users\Souleyman\Downloads\Minecraft.exe (.not file.)
O4 - GS\Desktop [Souleyman]: QGifer.lnk . (...) -- C:\Program Files (x86)\QGifer\qgifer.exe
O4 - GS\Desktop [Souleyman]: RocketDock.lnk . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - GS\Desktop [Souleyman]: SpaceSoundPro.lnk . (.Space Sound Pro - Space Sound Pro.) -- C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
O4 - GS\Desktop [Souleyman]: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\Spotify.exe
O4 - GS\Desktop [Souleyman]: Wakfu.lnk . (.Ankama Studio - Launcher Wakfu.) -- C:\Users\Souleyman\AppData\Local\Ankama\Wakfu\Wakfu.exe
O4 - GS\Desktop [Souleyman]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Souleyman\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Souleyman]: ¿ìѹ.lnk . (...) -- C:\Program Files\¿ìѹ\X86\KuaiZip.exe
~ Global Startup: 23 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll
O4 - HKLM\..\Run: [SpaceSoundPro] . (.Space Sound Pro - Space Sound Pro.) -- C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
O4 - HKLM\..\Run: [WINCOM032] . (...) -- C:\Program Files (x86)\mpck\wincom_032.exe
O4 - HKLM\..\Run: [IDSCCOMONY] C:\Program Files (x86)\EasyHotspot\idsccom_ONY.exe (.not file.)
O4 - HKLM\..\Run: [gplyra] . (...) -- C:\Users\Souleyman\AppData\Roaming\gplyra\gplyra.exe
O4 - HKLM\..\RunOnce: [OTUTPRODUCT_4WNMT] . (.k9Jtqky - k9Jtq.) -- C:\Program Files (x86)\mpck\otutnetwork.exe
O4 - HKCU\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Souleyman\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] . (.Dxtory Software - Update Checker.) -- C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
O4 - HKCU\..\Run: [Overwolf] . (.Pas de propriétaire - Overwolf Launcher.) -- C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [fastweb] . (...) -- C:\Program Files (x86)\FastWeb\fastweb.exe
O4 - HKCU\..\Run: [QGuan10in1] . (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\service72564.exe
O4 - HKCU\..\Run: [msiql] . (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\msiql.exe
O4 - HKCU\..\Run: [Caster] . (.yujkKJy - JJude.) -- C:\Program Files\SpaceSoundPro\wizzcaster.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS Ai Charger] . (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation - ASUS WebStorage Panel.) -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [bdruninstaller] . (.Bitdefender - Bitdefender Setup Launcher.) -- C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [Dropbox] . (.Dropbox, Inc. - Dropbox.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
O4 - HKLM\..\Wow6432Node\Run: [win_en_77] . (...) -- C:\Program Files (x86)\win_en_77\win_en_77.exe
O4 - HKLM\..\Wow6432Node\Run: [EYAN] . (.eee - eee.) -- C:\Users\Souleyman\AppData\Roaming\THREADAPP.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [BingSvc] . (.© 2015 Microsoft Corporation - Microsoft Bing Service.) -- C:\Users\Souleyman\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Dxtory Update Checker 2.0] . (.Dxtory Software - Update Checker.) -- C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Overwolf] . (.Pas de propriétaire - Overwolf Launcher.) -- C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Souleyman\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [fastweb] . (...) -- C:\Program Files (x86)\FastWeb\fastweb.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [QGuan10in1] . (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\service72564.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [msiql] . (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\msiql.exe
O4 - HKUS\S-1-5-21-1475171761-3863613009-2822244331-1001\..\Run: [Caster] . (.yujkKJy - JJude.) -- C:\Program Files\SpaceSoundPro\wizzcaster.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a02e172-a33f-46f8-b6c9-e5dd4bc0a141}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a02e172-a33f-46f8-b6c9-e5dd4bc0a141}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{5a02e172-a33f-46f8-b6c9-e5dd4bc0a141}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5a02e172-a33f-46f8-b6c9-e5dd4bc0a141}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{fdb941c8-b8c6-4fa8-94bd-fc571284875e}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: 724e22834a0237e69f22741c29048191 (724e22834a0237e69f22741c29048191) . (...) - C:\Program Files\9b5ba7612e07a9921f277ee32ffadaf8\f3e9d740d7dae7118bf41c2ba77c1908.exe (.not file.)
O23 - Service: Asus WebStorage Windows Service (Asus WebStorage Windows Service) . (.Pas de propriétaire - Asus WebStorage Windows Service.) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: Background Logic Handler (backlh) . (.Pas de propriétaire - ExtManager.) - C:\ProgramData\Logic Handler\set.exe
O23 - Service: Bazery Controls (bazeryControlszurotion.exe) . (...) - C:\Program Files (x86)\Tholigetermught\bazeryControlszurotion.exe
O23 - Service: Service Mise à jour Dropbox (dbupdate) (dbupdate) . (.Dropbox, Inc. - Dropbox Update.) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Renew Single Click (dowidoly) . (...) - C:\Program Files (x86)\6DCB1B38-1468329291-D07A-2841-D850E6C2C4D3\jnsfC7B1.tmp (.not file.)
O23 - Service: Licence Reversed-out (ledykepezbt) . (...) - C:\Program Files (x86)\6DCB1B38-1468329291-D07A-2841-D850E6C2C4D3\knslAF9F.tmpfs (.not file.)
O23 - Service: Économiseur d'écran de League (LolScreenSaverService) . (...) - C:\Riot Games\LolScreenSaver\service\service.exe
O23 - Service: MaohaWiFiService (MaohaWifiSvr) . (.猫哈网络 版权所有 - 猫哈免费WiFi支持服务.) - C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) . (.DotC United Inc - MPC Protect Service.) - D:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe =>USP.PCCleaner
O23 - Service: Reservation Plastic (rijufoze) . (...) - C:\Program Files (x86)\6DCB1B38-1468329291-D07A-2841-D850E6C2C4D3\hnsuDE68.tmp (.not file.)
O23 - Service: Search Module Update (SMUpd) . (.Search Module Ltd. - Search Module Update Service.) - C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
O23 - Service: UC浏览器基础服务 (UCBrowserSvc) . (...) - C:\Program Files (x86)\UCBrowser\Application\UCService.exe
O23 - Service: Yueweijie Trans Client Service (YueweijieTransHost) . (.重庆悦微捷科技有限公司 - 极速云网客户端服务程序.) - C:\Program Files\YueweijieNetTrans\TransHost.exe
O23 - Service: zdengine (zdengine) . (.zdengine - Pas de description.) - C:\Program Files (x86)\OtherSearch\zdengine.exe
~ Services: 29 Legitimates Filtered in 00mn 15s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job [1202]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job [1206]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\UCBrowserUpdater.job [478] =>PUP.CertifiedToolbar
[MD5.14F7B8B4926E977D70A4235BEFF11FF5] [APT] [Bazery Controls] (...) -- C:\Program Files (x86)\Tholigetermught\bazeryControlsfimukcloele.exe [338656]
[MD5.00000000000000000000000000000000] [APT] [CreateChoiceProcessTask] (...) -- C:\Windows\BrowserChoice\browserchoice.exe (.not file.) [0]
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineCore] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144]
[MD5.A1F58FFF448E4099297D6EE0641D4D0E] [APT] [DropboxUpdateTaskMachineUA] (.Dropbox, Inc..) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144]
[MD5.5AF9559B6698536B040A8807BFE45A7C] [APT] [Overwolf Updater Task] (.Overwolf LTD.) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1309936]
[MD5.4DB19119325633A03C0170EB28399D95] [APT] [SMW_P] (...) -- C:\ProgramData\smp2.exe [512000]
[MD5.00000000000000000000000000000000] [APT] [SMW_UpdateTask_Time_313339313038303938302d3255576c235a6c5755412a34] (...) -- C:\ProgramData\SearchModule\smhe.js" smu.exe (.not file.) [0]
[MD5.9ECC950EC29775344DEC0928C8FEA14C] [APT] [tasklist] (...) -- C:\Users\Souleyman\AppData\Roaming\UPUpdata\service72564.exe [1828352]
[MD5.E6CC3F6414DC9D4007568522790C3967] [APT] [UCBrowserUpdater] (.UCWeb Inc.) -- C:\Program Files (x86)\UCBrowser\Application\update_task.exe [415856] =>PUP.CertifiedToolbar
[MD5.9B09FC4BAE784DB969753DBA6FAB9D9E] [APT] [vwe3034] (...) -- C:\Program Files (x86)\OtherSearch\vwe3034.exe [60143]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 03s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (8b5cecfca2148d0dde7949c4fa47e3d4) . (. - .) - C:\Windows\System32\DRIVERS\8b5cecfca2148d0dde7949c4fa47e3d4.sys (.not file.)
O41 - Driver: (MaohaWifiNetPro) . (...) - C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaoHaWiFiNet64.sys
O41 - Driver: (MPCKpt) . (.DotC United Inc - MPC Driver.) - C:\Windows\System32\DRIVERS\MPCKpt.sys
O41 - Driver: (UCGuard) . (.Huorong Borui (Beijing) Technology Co., Ltd - Huorong Network Security Core Kext.) - C:\Windows\System32\DRIVERS\ucguard.sys
O41 - Driver: (YueweijieTransTDI) . (.重庆悦微捷科技有限公司 - 极速云网TDI驱动程序(64Bit).) - C:\Program Files\YueweijieNetTrans\TransTDI.sys
O41 - Driver: (ZipProtect) . (.Pas de propriétaire - ZipTool Help Driver.) - c:\program files\ziptool\ZipProtect64.sys
~ Drivers: 56 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Blade & Soul - (.NC Interactive, LLC.) [HKLM][64Bits] -- InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}
O42 - Logiciel: Blade & Soul - (.NC Interactive, LLC.) [HKLM][64Bits] -- {C3F383C1-D050-4A40-843F-8171A6A02C3A}
O42 - Logiciel: Caster - (.Caster.) [HKLM][64Bits] -- {d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}
O42 - Logiciel: Compress - (...) [HKLM][64Bits] -- ZipTool
O42 - Logiciel: FastCompress-Zip_1.0.2.2_Release - (...) [HKLM][64Bits] -- FastCompress-Zip
O42 - Logiciel: NetStream - (...) [HKLM][64Bits] -- NetStream
O42 - Logiciel: OtherSearch - (.Ross Che.) [HKLM][64Bits] -- OtherSearch
O42 - Logiciel: QGifer - (...) [HKLM][64Bits] -- 819FBA20-557E-4EFB-9EF9-8040D09FAE68
O42 - Logiciel: Search module - (.Goobzo.) [HKLM][64Bits] -- Search module =>PUP.Goobzo
O42 - Logiciel: Social2Search - (.Social2Search.) [HKLM][64Bits] -- 9b5ba7612e07a9921f277ee32ffadaf8
O42 - Logiciel: SpaceSoundPro - (...) [HKLM][64Bits] -- SpaceSoundPro
O42 - Logiciel: UC浏览器 - (.广州市动景计算机科技有限公司.) [HKLM][64Bits] -- UCBrowser
O42 - Logiciel: WIN - (...) [HKLM][64Bits] -- win_en_77_is1
O42 - Logiciel: mpck version 1.1 - (.mobilepcstarterkit.) [HKLM][64Bits] -- mobilepcstarterkit_is1
O42 - Logiciel: trotux - Uninstall - (...) [HKLM][64Bits] -- {2B86D1FE-C2B9-4A5E-BDF1-B2A3F3CCADCA}
O42 - Logiciel: trotux - Uninstall - (...) [HKLM][64Bits] -- {2F2A8B02-F577-4D10-96BF-31DABF1AF9AE}
O42 - Logiciel: 极速云网 - (.重庆悦微捷科技有限公司.) [HKLM][64Bits] -- YueweijieNetTrans
~ Logic: 39 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\AutoTime]
[HKCU\Software\Boneloaf]
[HKCU\Software\C2DEF79F32EAEC69CEB387056444A1BD]
[HKCU\Software\Desk]
[HKCU\Software\ElswordINT]
[HKCU\Software\FastCompress-Zip]
[HKCU\Software\InstallPath]
[HKCU\Software\KuaiZipSFX]
[HKCU\Software\KuaiZip]
[HKCU\Software\Maoha]
[HKCU\Software\PS3EyeCamera]
[HKCU\Software\Pando Networks]
[HKCU\Software\PopWnd]
[HKCU\Software\QGifer]
[HKCU\Software\QGuan10in1]
[HKCU\Software\Rtp]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Sunsetriders7]
[HKCU\Software\Totem]
[HKCU\Software\UCBrowserPID]
[HKCU\Software\UCBrowser]
[HKCU\Software\WajIEnhance]
[HKCU\Software\Wizzlabs]
[HKCU\Software\ZipTool]
[HKCU\Software\mtQuoteex]
[HKLM\Software\Partner]
[HKLM\Software\SearchModule]
[HKLM\Software\Social2Sea]
[HKLM\Software\Wow6432Node\C2DEF79F32EAEC69CEB387056444A1BD]
[HKLM\Software\Wow6432Node\Maoha]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\SearchModule]
[HKLM\Software\Wow6432Node\Social2Sea]
[HKLM\Software\Wow6432Node\UCBrowserPID]
[HKLM\Software\Wow6432Node\WIN]
[HKLM\Software\Wow6432Node\geusqo]
[HKLM\Software\Wow6432Node\mtQuoteex]
[HKLM\Software\Yueweijie]
[HKLM\Software\geusqo]
~ Key Software: 476 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/07/2016 - 16:23:48 - [0,097] ----D C:\Program Files (x86)\EasyHotspot =>PUP.EasyToShop
O43 - CFD: 12/07/2016 - 15:12:21 - [0,194] ----D C:\Program Files (x86)\FastWeb
O43 - CFD: 12/07/2016 - 15:24:03 - [19,952] ----D C:\Program Files (x86)\GreatMaker
O43 - CFD: 27/02/2014 - 18:29:48 - [0,238] ----D C:\Program Files (x86)\MDickie
O43 - CFD: 12/07/2016 - 15:20:42 - [7,476] ----D C:\Program Files (x86)\mpck
O43 - CFD: 12/07/2016 - 17:13:10 - [7,034] ----D C:\Program Files (x86)\OtherSearch
O43 - CFD: 10/02/2014 - 20:20:52 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 16/04/2014 - 13:30:05 - [34,357] ---AD C:\Program Files (x86)\QGifer
O43 - CFD: 12/07/2016 - 15:38:27 - [1,439] ----D C:\Program Files (x86)\Tholigetermught
O43 - CFD: 12/07/2016 - 17:22:33 - [319,180] ----D C:\Program Files (x86)\UCBrowser
O43 - CFD: 12/07/2016 - 15:23:49 - [4,584] ----D C:\Program Files (x86)\win_en_77
O43 - CFD: 11/02/2015 - 11:49:07 - [0] ----D C:\ProgramData\APN
O43 - CFD: 12/07/2016 - 15:11:53 - [0,721] ----D C:\ProgramData\CloudPrinter
O43 - CFD: 30/10/2015 - 09:24:24 - [0] ----D C:\ProgramData\Comms
O43 - CFD: 12/07/2016 - 15:12:15 - [6,286] ----D C:\ProgramData\Logic Handler
O43 - CFD: 27/05/2014 - 18:00:10 - [0,850] ----D C:\ProgramData\MCS EMCF D
O43 - CFD: 12/07/2016 - 15:12:33 - [0,001] ----D C:\ProgramData\Quoteexs
O43 - CFD: 12/07/2016 - 15:22:18 - [0] ----D C:\ProgramData\SearchModule
O43 - CFD: 16/12/2015 - 05:47:42 - [0,002] ----D C:\ProgramData\USOPrivate
O43 - CFD: 08/03/2015 - 21:28:52 - [0,001] ----D C:\ProgramData\{03d5bd49-4cab-cde9-03d5-5bd494caf525}
O43 - CFD: 12/07/2016 - 15:21:55 - [2,323] ----D C:\Users\Souleyman\AppData\Roaming\gplyra
O43 - CFD: 12/04/2014 - 22:24:55 - [8,900] ----D C:\Users\Souleyman\AppData\Roaming\IDM2
O43 - CFD: 12/07/2016 - 16:20:23 - [0] ----D C:\Users\Souleyman\AppData\Roaming\Kuaizip
O43 - CFD: 12/07/2016 - 15:45:17 - [0] ----D C:\Users\Souleyman\AppData\Roaming\MCorp
O43 - CFD: 12/07/2016 - 15:19:09 - [71,803] ----D C:\Users\Souleyman\AppData\Roaming\Profiles
O43 - CFD: 12/07/2016 - 15:29:11 - [0] ----D C:\Users\Souleyman\AppData\Roaming\Softlink
O43 - CFD: 10/03/2014 - 20:14:50 - [0,998] ----D C:\Users\Souleyman\AppData\Roaming\Thinking Minds Building Bytes
O43 - CFD: 10/03/2014 - 20:15:08 - [0,010] ----D C:\Users\Souleyman\AppData\Roaming\TiB
O43 - CFD: 12/07/2016 - 17:09:56 - [6,555] ----D C:\Users\Souleyman\AppData\Roaming\UPUpdata
O43 - CFD: 12/05/2014 - 07:12:21 - [0] --HAD C:\Users\Souleyman\AppData\Local\9Bpn3JbEBAl9CXH
O43 - CFD: 16/12/2015 - 16:00:32 - [0] ----D C:\Users\Souleyman\AppData\Local\ActiveSync
O43 - CFD: 30/07/2015 - 20:20:40 - [8,230] ----D C:\Users\Souleyman\AppData\Local\CEF
O43 - CFD: 21/10/2015 - 08:46:08 - [24,451] ----D C:\Users\Souleyman\AppData\Local\Comms
O43 - CFD: 12/07/2016 - 15:21:49 - [0] ----D C:\Users\Souleyman\AppData\Local\csdi_monetize_120160712
O43 - CFD: 17/11/2014 - 20:48:19 - [0] -SH-D C:\Users\Souleyman\AppData\Local\EmieBrowserModeList
O43 - CFD: 17/11/2014 - 20:48:19 - [0] -SH-D C:\Users\Souleyman\AppData\Local\EmieSiteList
O43 - CFD: 17/11/2014 - 20:48:19 - [0] -SH-D C:\Users\Souleyman\AppData\Local\EmieUserList
O43 - CFD: 04/06/2015 - 18:10:08 - [0] ----D C:\Users\Souleyman\AppData\Local\GWX
O43 - CFD: 12/07/2016 - 15:19:57 - [0,286] ----D C:\Users\Souleyman\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
O43 - CFD: 12/07/2016 - 15:20:08 - [410,812] ----D C:\Users\Souleyman\AppData\Local\levispmenoycazuk
O43 - CFD: 30/07/2015 - 07:03:17 - [0] ----D C:\Users\Souleyman\AppData\Local\NetworkTiles
O43 - CFD: 12/07/2016 - 16:56:30 - [0] ----D C:\Users\Souleyman\AppData\Local\Profiles
O43 - CFD: 13/02/2016 - 17:31:45 - [0,003] ----D C:\Users\Souleyman\AppData\Local\SkinSpotlights
O43 - CFD: 13/02/2016 - 15:16:16 - [0,019] ----D C:\Users\Souleyman\AppData\Local\SkinSpotlightsReplays
O43 - CFD: 12/07/2016 - 15:21:13 - [0] ----D C:\Users\Souleyman\AppData\Local\tuto_monetize_120160712
O43 - CFD: 12/07/2016 - 17:22:30 - [6,361] ----D C:\Users\Souleyman\AppData\Local\UCBrowser
O43 - CFD: 12/07/2016 - 16:33:28 - [193,558] ----D C:\Users\Souleyman\AppData\Local\vghd
O43 - CFD: 12/07/2016 - 15:23:49 - [0] ----D C:\Users\Souleyman\AppData\Local\win_en_77
O43 - CFD: 16/12/2015 - 05:54:52 - [0,002] ----D C:\Users\Souleyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QGifer
O43 - CFD: 12/07/2016 - 15:20:25 - [0,002] ----D C:\Users\Souleyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
O43 - CFD: 12/07/2016 - 15:14:53 - [0,002] ----D C:\Users\Souleyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
~ Program Folder: 290 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EB482DBC9786F1A9E3ED5AB6864794FA] - 04/07/2016 - 06:47:37 ---A- . (.Huorong Borui (Beijing) Technology Co., Ltd - Huorong Network Security Core Kext.) -- C:\Windows\System32\Drivers\ucguard.sys [81792]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/07/2016 - 14:19:23 --HA- . (...) -- C:\Windows\System32\BITB2FC.tmp [0]
O44 - LFC:[MD5.E5728FFF1D7425CC12A24934E7B81138] - 12/07/2016 - 14:19:55 ---A- . (...) -- C:\task.vbs [296]
O44 - LFC:[MD5.AA6B2587095984518F7D32D4859A585C] - 12/07/2016 - 14:21:18 ---A- . (...) -- C:\Windows\rsrcs.dll [187904]
O44 - LFC:[MD5.B66A551D00E41D5416F4CB5497926238] - 12/07/2016 - 14:22:37 ---A- . (.DotC United Inc - MPC Driver.) -- C:\Windows\System32\Drivers\MPCKpt.sys [60136]
O44 - LFC:[MD5.B0294569EC4569C8D75B8413FD09A5C4] - 12/07/2016 - 14:30:48 ---A- . (...) -- C:\zingload.xml [534]
O44 - LFC:[MD5.F98CEFBF27E311FD116850BFBA35667C] - 12/07/2016 - 16:12:29 ---A- . (.zdengine - Pas de description.) -- C:\Windows\System32\zdengine64.dll [369527]
O44 - LFC:[MD5.A767FF3670B7349E961687C29EA9054E] - 12/07/2016 - 16:12:49 ---A- . (.zdengine - WFP driver.) -- C:\Windows\System32\Drivers\zdwfp64.sys [46352]
O44 - LFC:[MD5.6D44DDDD36844E38057F92039678F1A7] - 12/07/2016 - 16:13:01 ---A- . (...) -- C:\Windows\System32\zdengineOff.ini [11752]
O44 - LFC:[MD5.23B58DEF11B45727D3351702515F86AF] - 12/07/2016 - 16:13:09 ---A- . (...) -- C:\END [2]
~ Files: 21 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - (no name) - {6710C780-E20E-4C49-A87D-321850ED3D7C} - C:\Users\Souleyman\AppData\Local\Microsoft\Windows\INetCookies\reerrerty.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Security Packages . (...) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.xtor"="DxtoryCodec.dll" . (.ExKode Co. Ltd. - Dxtory DirectShow and VFW Decoder.) -- C:\Windows\System32\DxtoryCodec.dll
~ TDSD: 11 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "DSCAutomationHostEnabled"=2
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.3F5523DCEFE42B385659C5CB46A6B810] - 30/10/2015 - 08:17:22 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn.sys [9728]
O58 - SDL:[MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - 30/10/2015 - 08:17:22 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [9728]
O58 - SDL:[MD5.FFADF691F7BF727AF5C863454A372723] - 30/10/2015 - 08:17:23 ---A- . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\Windows\System32\Drivers\ibbus.sys [424800]
O58 - SDL:[MD5.BE0E47988D78F731DEC2C0CB03E765CB] - 30/10/2015 - 08:17:23 ---A- . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas3i.sys [99168]
O58 - SDL:[MD5.2ED29B635F35E31A1C0D3DDB7DD2AD03] - 30/10/2015 - 08:17:23 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\megasas.sys [59744]
O58 - SDL:[MD5.D41920FBFFF2BBCBBC69A5B383AD022E] - 30/10/2015 - 08:17:23 ---A- . (.Mellanox - MLX4 Bus Driver.) -- C:\Windows\System32\Drivers\mlx4_bus.sys [705376]
O58 - SDL:[MD5.B66A551D00E41D5416F4CB5497926238] - 12/07/2016 - 14:22:37 ---A- . (.DotC United Inc - MPC Driver.) -- C:\Windows\System32\Drivers\MPCKpt.sys [60136]
O58 - SDL:[MD5.B57CE307DA101C739885B7CC0678077F] - 30/10/2015 - 08:17:23 ---A- . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\Windows\System32\Drivers\ndfltr.sys [76128]
O58 - SDL:[MD5.35F7C7AD709D909D618D9EDF987FC3ED] - 30/10/2015 - 08:17:23 ---A- . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\Drivers\percsas3i.sys [58720]
O58 - SDL:[MD5.CCDA497C880AD16D87EDFAEFCFB2EDF5] - 30/10/2015 - 08:17:23 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.EB482DBC9786F1A9E3ED5AB6864794FA] - 04/07/2016 - 06:47:37 ---A- . (.Huorong Borui (Beijing) Technology Co., Ltd - Huorong Network Security Core Kext.) -- C:\Windows\System32\Drivers\ucguard.sys [81792]
O58 - SDL:[MD5.4A53441C1C4D2878BEF27E381138BB2D] - 30/10/2015 - 08:17:23 ---A- . (.Mellanox - Kernel WinMad.) -- C:\Windows\System32\Drivers\winmad.sys [26976]
O58 - SDL:[MD5.40A3E8D729F458B2C9A8BD9380FF83D5] - 30/10/2015 - 08:17:23 ---A- . (.Mellanox - Kernel WinVerbs.) -- C:\Windows\System32\Drivers\winverbs.sys [59232]
O58 - SDL:[MD5.A767FF3670B7349E961687C29EA9054E] - 04/03/2016 - 15:13:18 ---A- . (.zdengine - WFP driver.) -- C:\Windows\System32\Drivers\zdwfp64.sys [46352]
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 06:34:42 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 06:34:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:[MD5.798DE15F187C1F013095BBBEB6FB6197] - 22/08/2012 - 10:54:10 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:[MD5.1392B92179B07B672720763D9B1028A5] - 03/08/2010 - 22:21:24 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
~ Drivers: 21 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <UCHTML>[HKCU\..\open\Command] (.UCWeb Inc. - UC浏览器.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.zingload.com
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.zingload.com =>Hijacker.Browsers
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.zingload.com =>Hijacker.Browsers
O68 - StartMenuInternet: <UCBrowser> <UC浏览器>[HKLM\..\Shell\open\Command] (.UCWeb Inc. - UC浏览器.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {DD722FC0-1C70-4372-9874-BE6654CA13F5} - (Searching) - http://www-searching.com
O69 - SBI: SearchScopes [HKCU] {ielnksrch} [DefaultScope] - (Search the web) - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/...{searchTerms} =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.18C1A2D9C2425431EE1D2B9394324D64] [SPRF][09/03/2014] (...) -- C:\ProgramData\1394391963.bdinstall.bin [1309573]
[MD5.6C029671EA38E0E7CE41E63F98458329] [SPRF][30/07/2015] (...) -- C:\ProgramData\1438236678.bdinstall.bin [518484]
[MD5.8DD88721EF0B1358BBCE4BCB02AFC6FD] [SPRF][11/05/2014] (...) -- C:\ProgramData\hash.dat [32]
[MD5.4DB19119325633A03C0170EB28399D95] [SPRF][12/07/2016] (...) -- C:\ProgramData\smp2.exe [512000]
[MD5.6A8014549B1EAF1FDD7BD539120FA311] [SPRF][26/04/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\a.bat [9]
[MD5.EE904630B35505C21A8D6260761A3560] [SPRF][28/08/2010] (...) -- C:\Users\Souleyman\AppData\Roaming\adb.exe [577335]
[MD5.47A6EE3F186B2C2F5057028906BAC0C6] [SPRF][28/08/2010] (.Google, inc - Android ADB API.) -- C:\Users\Souleyman\AppData\Roaming\AdbWinApi.dll [96256]
[MD5.5F23F2F936BDFAC90BB0A4970AD365CF] [SPRF][28/08/2010] (.Google, inc - Android ADB API (WinUsb).) -- C:\Users\Souleyman\AppData\Roaming\AdbWinUsbApi.dll [60928]
[MD5.680AF4B2CD9F67932CFBD98DBDACA3A6] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\agent.dat [7101952]
[MD5.3C089F23F34D18DBC624B1FC2367398C] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\ApplicationHosting.dat [54272]
[MD5.B639E91FC0B0E09AB9CBB0F4AD9CD814] [SPRF][04/07/2016] (.UCWeb Inc. - UC浏览器.) -- C:\Users\Souleyman\AppData\Roaming\Browser_V5.6.14087.7_r_4681_(Build1607010949).exe [51376752]
[MD5.747E247B942E4D7AA84A55803368415F] [SPRF][28/08/2010] (...) -- C:\Users\Souleyman\AppData\Roaming\fastboot.exe [356009]
[MD5.E07AA1339BFA83E1932399E49D2A448A] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Fixla.bin [2279413]
[MD5.131F97E8F8D3ACB4A274522E9EE13591] [SPRF][11/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\InstallDingjDlr.exe [1608704]
[MD5.9BB9774CC79DBF622E95AF800B4F58A6] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Installer.dat [128512]
[MD5.9C72F085A7A0C39234E051F537EDB5AA] [SPRF][18/02/2016] (.Pas de propriétaire - 快压安装包.) -- C:\Users\Souleyman\AppData\Roaming\KuaiZip_Setup_703612525_zzlm_002.exe [7318464]
[MD5.5DE22EF88C8E4A3C25D659B790C6DCBD] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\lobby.dat [126464]
[MD5.7B84427D0A79D13641D9589D7531D67C] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Main.dat [18432]
[MD5.2C426C963EE4A5256CBC017310149E54] [SPRF][01/07/2016] (.深圳市伟创科技软件有限公司 - MaohaWiFi安装程序.) -- C:\Users\Souleyman\AppData\Roaming\MaoHaWiFiSetup_263.exe [8284704]
[MD5.005DC6005EC13814D1FE8AF9C2936D36] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\noah.dat [126464]
[MD5.7B646EF66CD81F34E542898469FB51A4] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Physlax.exe [700928]
[MD5.6E3C9EBC5CFC5A268350BE3EF2BBEB78] [SPRF][08/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\RandomDelJiheReg.exe [343040]
[MD5.1374563E5CD597F623C3E5D055D13F94] [SPRF][05/07/2016] (.eee - eee.) -- C:\Users\Souleyman\AppData\Roaming\THREADAPP.exe [9216000]
[MD5.7B646EF66CD81F34E542898469FB51A4] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Toughplus.exe [700928]
[MD5.F7E650C31A9A55833D067C753A4C589C] [SPRF][26/05/2016] (.Pas de propriétaire - USB大师安装程序.) -- C:\Users\Souleyman\AppData\Roaming\usbboxlite_4001_o_8209_hn.exe [4761392]
[MD5.AB5A0869270738CF7720CC06FA79E23A] [SPRF][12/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\Voltlex.bin [848437]
[MD5.0FFCFE773BE5195BFC881EB614B23F72] [SPRF][21/06/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\WebOptimum_.exe [1611264]
[MD5.71471942F086B5E6B2591BB5769E5D42] [SPRF][06/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\YellowSend.exe [1613824]
[MD5.0A1B1BB47E0F041217730436F205F54E] [SPRF][06/07/2016] (...) -- C:\Users\Souleyman\AppData\Roaming\YoyNotepad.exe [1609728]
[MD5.FD853D06E1D74DB68710435655D403CE] [SPRF][18/02/2016] (.Pas de propriétaire - Compress安装程序.) -- C:\Users\Souleyman\AppData\Roaming\ziptool_wc-9015_setup.exe [5267952]
[MD5.48190C8B4A6BC41A830B515CC2B6BCEA] [SPRF][05/04/2014] (...) -- C:\Users\Souleyman\Desktop\Gang Beasts.exe [11283968]
[MD5.910FFCFA6909D3BA564F6A60DE9D2A2A] [SPRF][03/07/2016] (.Mojang - Minecraft launcher.) -- C:\Users\Souleyman\Desktop\Minecraft.exe [1247624]
[MD5.370C1B4C526B1C5AD82637B3FB717472] [SPRF][05/03/2016] (...) -- C:\Users\Souleyman\Desktop\PokeMMO.exe [2898319]
[MD5.9A85A77B1E5C854C759B1E665C80AC58] [SPRF][20/02/2014] (.Thinking Minds Building Bytes - This installer database contains the logic and data required to install CubeDesktop NXT..) -- C:\Users\Souleyman\Desktop\setup_cubedesktop.exe [3675441]
[MD5.FEB7F310E42EC1A645DD2F9420ED9F66] [SPRF][06/09/2012] (...) -- C:\Users\Souleyman\Desktop\Slender - The Eight Pages.exe [9152000]
~ Files: 40 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "UDP Query User{F74F96D5-20A6-4EA9-AFF8-6FF365F44304}D:\nouveau dossier\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{EABBC703-8464-482C-91E8-92491AF809FE}D:\nouveau dossier\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{9771D46A-7C08-46FB-A362-C77CFEC43D22}D:\nouveau dossier\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{EE36A014-D88A-4D10-B60D-4EC79C5F27B9}D:\nouveau dossier\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{DC2D8FF7-A93A-4731-8B9A-1E7486DC39E2}D:\nouveau dossier\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{AA788F9E-6957-425E-A75A-2982F4E8E6A9}D:\nouveau dossier\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{F01C2C55-7D9A-49A0-B51A-68AE1459BB00}C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe (.not file.) =>Adware.VirtualGirl
O87 - FAEL: "TCP Query User{18F816EF-553A-4C6F-86A9-F89C58E1D011}C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe (.not file.) =>Adware.VirtualGirl
O87 - FAEL: "UDP Query User{DB02248B-2D9B-4348-BFFA-98B6FAF4E042}C:\program files (x86)\lolreplay\lolreplay.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\lolreplay\lolreplay.exe (.not file.)
O87 - FAEL: "TCP Query User{8BDDBCF2-BE20-471E-B559-6776A792C719}C:\program files (x86)\lolreplay\lolreplay.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\lolreplay\lolreplay.exe (.not file.)
O87 - FAEL: "UDP Query User{86067CA1-4878-4067-A8C3-600FF00A7FEE}C:\users\souleyman\desktop\goat simulator\binaries\win32\goatgame-win32-shipping.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\souleyman\desktop\goat simulator\binaries\win32\goatgame-win32-shipping.exe (.not file.)
O87 - FAEL: "TCP Query User{A5E0AA18-C6C8-48B9-A764-4CB158662F0F}C:\users\souleyman\desktop\goat simulator\binaries\win32\goatgame-win32-shipping.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\souleyman\desktop\goat simulator\binaries\win32\goatgame-win32-shipping.exe (.not file.)
O87 - FAEL: "TCP Query User{B8E9AE8A-AEFF-4543-93F4-5067336C9969}C:\program files (x86)\lolreplay\lolreplay.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\lolreplay\lolreplay.exe (.not file.)
O87 - FAEL: "UDP Query User{2327415E-B37E-4B48-8AAB-AA6AEE229AFB}C:\program files (x86)\lolreplay\lolreplay.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\lolreplay\lolreplay.exe (.not file.)
O87 - FAEL: "TCP Query User{95402D9B-E38A-4A8D-92CC-3A9C50231FA8}D:\nouveau dossier\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe" |In - Public - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{CA9D6CE5-DF26-423F-BA52-F5FACDC96F1A}D:\nouveau dossier\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe" |In - Public - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{583B7122-ABFF-4E5E-A833-794C63BA9106}D:\nouveau dossier\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe" |In - Public - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{684B45CA-6B22-45F9-9CF0-3BE2DE0150D3}D:\nouveau dossier\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe" |In - Public - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{0DA08E54-A74A-449A-B139-826B7C3BFD1C}C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe (.not file.) =>Adware.VirtualGirl
O87 - FAEL: "UDP Query User{93B439AE-A9A7-45A4-A1A9-923CFDDB643E}C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\souleyman\appdata\local\vghd\bin\virtuagirl_downloader.exe (.not file.) =>Adware.VirtualGirl
O87 - FAEL: "TCP Query User{18DC646D-15E2-49C9-B0CD-E6847CA7D614}D:\nouveau dossier\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe" |In - Public - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{BFCC34FC-2126-44B6-85EF-A91535413751}D:\nouveau dossier\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe" |In - Public - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{B8EF38A8-9597-4F35-9506-2ADE63DA7F16}D:\nouveau dossier\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe" |In - Public - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{B1155603-D43F-442B-978D-403E4092B658}D:\nouveau dossier\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe" |In - Public - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{97687F29-CE7F-4DC8-9FD6-BCAF908ACE8E}D:\nouveau dossier\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{E0291C1E-199B-42A4-855A-E6E60F51E5AB}D:\nouveau dossier\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{9848A475-AB31-42DD-8BD7-0E1D63F4F13C}D:\nouveau dossier\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{295DAF17-39D8-45D9-827E-49FC7590A955}D:\nouveau dossier\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{D211FD5E-334E-4BE5-98AB-137050320218}D:\nouveau dossier\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{DE58B084-16C2-4AA6-BF96-C3E0907A3D80}D:\nouveau dossier\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "TCP Query User{8729164F-BE6F-48FE-82CF-CC1DCA084F42}D:\nouveau dossier\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe" |In - Private - P6 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "UDP Query User{E1803EDF-1533-4BC4-B889-BA1E2007B8ED}D:\nouveau dossier\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe" |In - Private - P17 - TRUE | .(...) -- D:\nouveau dossier\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe (.not file.)
O87 - FAEL: "{A29545BE-3F61-451F-A60C-F38AFFDFE7B3}" | In - Private - P6 - TRUE | .(.Dotc United Inc - Download Application.) -- C:\Users\Souleyman\AppData\Local\Temp\MPCOnline\MPCDownload.exe
O87 - FAEL: "{AFFF0815-2F50-43C5-BD09-10AC3A15C025}" | In - Private - P17 - TRUE | .(.Dotc United Inc - Download Application.) -- C:\Users\Souleyman\AppData\Local\Temp\MPCOnline\MPCDownload.exe
O87 - FAEL: "{FF05DDCF-399B-4B89-A8FE-8A983FBBDE1D}" | In - None - P17 - TRUE | .(...) -- C:\Users\Souleyman\AppData\Local\Temp\EHEQIU4YXE\chromedriver.exe
O87 - FAEL: "{793D9A14-EADF-4660-A942-2FDF01229B0E}" | In - None - P17 - TRUE | .(...) -- C:\Users\Souleyman\AppData\Local\Temp\Q4WZ2SIFQJ\chromedriver.exe
O87 - FAEL: "{508E5EDA-3AB8-4D29-A59E-A1352AC28F72}" | In - None - P17 - TRUE | .(...) -- C:\Users\Souleyman\AppData\Local\Temp\QQMIVSRB7N\chromedriver.exe
O87 - FAEL: "{E8DDE20F-CB86-402F-8052-C23DB3C2BAB7}" | In - None - P17 - TRUE | .(.重庆悦微捷科技有限公司 - 极速云网客户端服务程序.) -- C:\Program Files\YueweijieNetTrans\TransHost.exe
O87 - FAEL: "{08A9E463-273B-4624-A046-01476C2EA905}" | Out - None - P17 - TRUE | .(.重庆悦微捷科技有限公司 - 极速云网客户端服务程序.) -- C:\Program Files\YueweijieNetTrans\TransHost.exe
O87 - FAEL: "{9467F21E-AA74-42F9-B499-B6E724AAB263}" | In - None - P17 - TRUE | .(.猫哈网络 版权所有 - 猫哈免费WiFi支持服务.) -- C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
O87 - FAEL: "{AD59A1BC-1D44-48C1-ADB3-09D392490942}" | In - None - P17 - TRUE | .(.UCWeb Inc. - UC浏览器.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
O87 - FAEL: "{930A249D-0ACC-4C05-A186-22F75EC57034}" | In - None - P17 - TRUE | .(.UCWeb Inc. - UC浏览器.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
~ Firewall: 340 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "1C383F3C050D04A448F318176A0AC2A3" . (.Blade & Soul.) -- C:\WINDOWS\Installer\{C3F383C1-D050-4A40-843F-8171A6A02C3A}\ARPPRODUCTICON.exe
O90 - PUC: "537E56336A8449149988EC95CAA55E30" . (.Bing Bar.) -- C:\Windows\Installer\{3365E735-48A6-4194-9988-CE59AC5AE503}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\Windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 124 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\C2DEF79F32EAEC69CEB387056444A1BD]:d="20160712"
[HKLM\Software\Wow6432Node\C2DEF79F32EAEC69CEB387056444A1BD]:="{9DC74CD5-24EA-4ADE-9C42-608A8CE17116}"
~ Export Key Software: Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: - {088e3905-0323-4b02-9826-5d99428e115f}
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {24ad3ad4-a569-4530-98e1-ab02f9417aa8}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS: - {d3162b92-9365-467a-956b-92703aca08af}
O92 - MNS: - {f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}
~ MNS: 11 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E9A141DDFA31866294313210A2B6B2FF] [WIS][11/05/2016] (.Dropbox, Inc. - Dropbox Update Helper.) -- C:\Windows\Installer\1adaae.msi [31232]
[MD5.BF5A7C5158E18B11FFEB86B3796C8A09] [WIS][29/01/2016] (.NC Interactive, LLC - Blade & Soul Client.) -- C:\Windows\Installer\472251f.msi [90089472]
[MD5.DA1D4C968EE15FCFB0AE1CD410BB77F6] [WIS][11/02/2015] (.Riot Games - League of Legends.) -- C:\Windows\Installer\583d46.msi [3853824]
~ WIS: 129 Legitimates Filtered in 00mn 02s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 6062 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 16/06/2016 270016 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/05/2016 2089472 | (backlh) . (...) - C:\ProgramData\Logic Handler\set.exe
SS - | Auto 12/07/2016 705760 | (bazeryControlszurotion.exe) . (...) - C:\Program Files (x86)\Tholigetermught\bazeryControlszurotion.exe
SS - | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe =>Toolbar.Bing
SS - | Auto 11/05/2016 143144 | (dbupdate) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
SS - | Demand 11/05/2016 143144 | (dbupdatem) . (.Dropbox, Inc..) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
SS - | Auto 10/07/1658 0 | (dowidoly) . (...) - C:\Program F

1 reply

Malekal_morte- (Moderator, security contributor)
12 July 2016 at 18:43
Hi,

Follow the AdwCleaner tutorial by Xplode:
  • Download it to your Desktop or to your Downloads folder,
  • Run "AdwCleaner" and click [Scan],
  • The scan will take several minutes, be patient,
  • Once the scan is finished, don't untick anything, click [Clean],
  • Once the cleaning is finished, a report will open,
  • Copy/paste the contents of the report into your next reply.


If copy/paste doesn't work, use the site http://pjjoint.malekal.com/ to host your report, and give the link to the report in a new message.

Note: the report is also saved as C:\AdwCleaner[S1].txt


then:

Follow the FRST tutorial (take the time to read it carefully, everything is well explained there).

Download and run the FRST scan; 3 FRST reports will be generated:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Upload these 3 reports to the site http://pjjoint.malekal.com/ and in return give the 3 pjjoint links that lead to the reports here in a new reply, so that we can look at them.

