~ Rapport de ZHPDiag v2013.10.15.37 - Nicolas Coolman (15/10/2013)
~ Lancé par moi (15/10/2013 17:19:20)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16686
MFIE: Mozilla Firefox 24.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : H6X4M
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Trusteer Sécurité des points d'accès v3.5.1302.61
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.18 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule
µTorrent v2.2.1 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2815 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 72 GB (23%) free of 304 GB

---\\ Mode de connexion au système
~ Computer Name: XIB
~ User Name: moi
~ All Users Names: moi, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\moi\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\moi\AppData\Roaming\
~ %Desktop% : C:\Users\moi\Desktop\
~ %Favorites% : C:\Users\moi\Favorites\
~ %LocalAppData% : C:\Users\moi\AppData\Local\
~ %StartMenu% : C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 72 Go of 304 Go)
D: Hard drive, Flash drive, Thumb drive (Free 47 Go of 153 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
J: Hard drive, Flash drive, Thumb drive (Free 78 Go of 149 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 13:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 04:59:10.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/914
~ Mes musiques (My Musics) : 1/35
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/39
~ Mes Documents (My Documents) : 3/881
~ Mon Bureau (My Desktop) : 0/1460
~ Menu demarrer (Programs) : 1/81
~ Hidden Files: Scanned in 00mn 11s

---\\ Processus lancés
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3696]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3744]
[MD5.E98EA7471918E1987075815DC4C61001] - (.Yahoo! Inc. - Yahoo! Widgets.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [4742184] [PID.3976]
[MD5.D565CAB5D617B563CF0DD4C19AA172CA] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe [2476312] [PID.3360]
[MD5.53334F792CD73638D16527F718EFDE1F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8088576] [PID.4936]
[MD5.7D685AE28E6876EE5057DA51958F3CA7] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [294400] [PID.5076]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\zfjzzvu9.default\prefs.js
M2 - MFEP: prefs.js [moi - zfjzzvu9.default\{9473F86A-8CD2-0C01-CF9E-946854F63D87}] [] New tab v5.0.0.9397 (..)
P2 - FPN:Firefox Plugin Navigator . (.PopCap Games - PopCap Games Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nppopcaploader.dll =>Adware.PopCap
P2 - FPN: [HKLM] [@protectdisc.com/NPMPDRM] - (.Pas de propriétaire - fluxDVD Browser Plugin.) -- C:\Program Files\Common Files\mpDRM\NPMPDRM.dll
P2 - FPN: [HKLM] [@scolring.org/scol] - (...) -- C:\Program Files\Scol Voyager\npScol.dll (.not file.)
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\moi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 41 Legitimates Filtered in 00mn 02s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Webcam Station Evolution SE.lnk . (.Guillemot Corporation S.A. - Hercules Webcam Station Evolution SE.) -- C:\Program Files\Hercules\Webcam Station Evolution SE\StationEvSE.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [moi]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [moi]: Free Video Converter.lnk . (.Koyote Soft - FreeVideoConverter.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe
O4 - GS\QuickLaunch [moi]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [moi]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [moi]: Mozilla Sunbird.lnk . (.Mozilla - Sunbird.) -- C:\Program Files\Mozilla Sunbird\sunbird.exe
O4 - GS\QuickLaunch [moi]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) -- C:\Program Files\PrivaZer\PrivaZer.exe
O4 - GS\QuickLaunch [moi]: Upgrade to Paltalk Extreme.lnk - Clé orpheline
O4 - GS\QuickLaunch [moi]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [moi]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [moi]: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) -- C:\Program Files\PrivaZer\PrivaZer.exe
O4 - GS\SystemTools [moi]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [moi]: Free File Wiper.lnk . (...) -- C:\Users\moi\AppData\Local\temp\Rar$EX26.312\Free_File_Wiper.exe (.not file.)
O4 - GS\Desktop [moi]: Eusing Free MP3 Cutter.lnk . (...) -- C:\Program Files\Eusing Free MP3 Cutter\mp3cutter.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 03s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [moi]: Pense-bête.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Startup [moi]: Yahoo! Widgets.lnk . (.Yahoo! Inc. - Yahoo! Widgets.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1078184168-2510578676-2456167704-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (.not file.)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Synchronisation des favoris ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - ((no name)) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A36D7D81-0BB1-4540-9F34-39DA7DB39024}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33E1019-B696-4B9B-B6DD-1FABF4B1EF76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A36D7D81-0BB1-4540-9F34-39DA7DB39024}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{B33E1019-B696-4B9B-B6DD-1FABF4B1EF76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A36D7D81-0BB1-4540-9F34-39DA7DB39024}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{B33E1019-B696-4B9B-B6DD-1FABF4B1EF76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\movies~1\safety~1\safety~2.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SafetyNut Manager (SafetyNutManager) . (...) - C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe (.not file.) =>Adware.Bandoo
O23 - Service: Fujitsu Siemens Computers Diagnostic Tes (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
~ Services: 11 Legitimates Filtered in 00mn 15s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\{48FAEAB8-A01A-41C4-9EF5-769149F0776D}.job [320]
[MD5.00000000000000000000000000000000] [APT] [Test TimeTrigger] (...) -- C:\Users\moi\AppData\Local\Temp\Runner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Updater27096.exe] (...) -- C:\Users\moi\AppData\Local\Updater27096\Updater27096.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [Your File Updater] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{37A88D3E-540E-40EA-9FA4-9B106FD0CFAA}] (...) -- C:\Users\moi\Downloads\RUU_Mozart_HTC_Europe_1.30.401.01_5.54.09.21_22.33b.50_RELEASE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{763E962F-C7D0-4223-BB02-5B6BB6AF08B7}] (...) -- C:\GTL\GTL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7A7428C7-940D-4F80-A85A-A5E7D891A5A4}] (...) -- C:\GTL\GTL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8EA1CD1C-78D2-44D6-915F-12E4BAA5E881}] (...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BA979223-3FF3-44BB-975A-18E55DBCE97C}] (...) -- C:\Users\moi\Downloads\ROF_ICE_Unlimited_Demo_1021b.exe (.not file.) [0]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 07s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: PixiePack Codec Pack 1.1.1200.0 - {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} . (...) -- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
~ Active Setup: 15 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Endurance Series by EnduRacers - rF1 FULL - (...) [HKCU] -- Endurance Series by EnduRacers - rF1 FULL
O42 - Logiciel: GEM+/iGOR & Lee's GPL Setup Manager 2.5.0.32 - (.GPLSecrets Group.) [HKLM] -- GEM+/iGOR & Lee's GPL Setup Manager_is1
O42 - Logiciel: LT41217 Driver - (...) [HKLM] -- Rmtablet
O42 - Logiciel: Patin-Couffin 36 - (.VSO-software.) [HKLM] -- Patin-Couffin Drivers_is1
O42 - Logiciel: Pensoft - (...) [HKLM] -- Pensoft
O42 - Logiciel: Power&Glory v3.0 (remove only) - (.GTL Workshop.) [HKCU] -- Power&Glory v3.0
O42 - Logiciel: Yahoo! Widgets - (.Yahoo! Inc..) [HKLM] -- Yahoo! Widget Engine
O42 - Logiciel: Yahoo! Widgets SDK - (...) [HKLM] -- Yahoo! Widgets SDK
~ Logic: 168 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\1C-SoftClub]
[HKCU\Software\1C]
[HKCU\Software\GPL Replay Analyser]
[HKCU\Software\GrandOrgue]
[HKCU\Software\HeartWare]
[HKCU\Software\OpenCV]
[HKCU\Software\Our Organ]
[HKCU\Software\PIP]
[HKCU\Software\Screen Recording Suite]
[HKCU\Software\SpeedCircuit]
[HKCU\Software\Torrent2Exe.com]
[HKCU\Software\WinVROC]
[HKCU\Software\Yahoo]
[HKLM\Software\1C-Softclub]
[HKLM\Software\Exotypos]
[HKLM\Software\GEM+]
[HKLM\Software\GPLMods]
[HKLM\Software\GPLPS]
[HKLM\Software\SimracewayGame]
[HKLM\Software\TWD]
[HKLM\Software\Yahoo]
~ Key Software: 337 Legitimates Filtered in 00mn 02s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/03/2013 - 22:05:46 - [228,367] ----D C:\Program Files\PnG3
O43 - CFD: 25/01/2013 - 14:16:26 - [30,857] ----D C:\Program Files\Yahoo!
O43 - CFD: 19/01/2012 - 15:16:19 - [4,642] ----D C:\Program Files\Common Files\KnifeEdge
O43 - CFD: 16/03/2012 - 23:08:32 - [0] ----D C:\ProgramData\The Web Atom
O43 - CFD: 11/10/2011 - 15:38:32 - [0,001] ----D C:\Users\moi\AppData\Roaming\.Ignition
O43 - CFD: 04/02/2013 - 11:13:48 - [0,017] ----D C:\Users\moi\AppData\Roaming\CRDeltaTB =>Toolbar.DeltaSearch
O43 - CFD: 23/01/2012 - 15:34:23 - [0] ----D C:\Users\moi\AppData\Roaming\LogMate
O43 - CFD: 17/10/2012 - 16:38:07 - [24,242] ----D C:\Users\moi\AppData\Local\IM
O43 - CFD: 21/09/2013 - 11:09:43 - [0] ----D C:\Users\moi\AppData\Local\Updater27096 =>PUP.CrossRider
O43 - CFD: 25/01/2013 - 14:16:37 - [0,112] ----D C:\Users\moi\AppData\Local\Yahoo
O43 - CFD: 21/12/2011 - 15:54:48 - [0,013] ----D C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Historic GT and Touring cars
O43 - CFD: 25/09/2011 - 18:01:10 - [0,005] ----D C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pensoft
O43 - CFD: 09/11/2012 - 19:43:30 - [0,002] ----D C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power&Glory v3.0
~ 553 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 870 Legitimates Filtered in 01mn 53s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3D53B393D0E85457574AD05F12CF3560] - 15/10/2013 - 13:01:43 ----- . (...) -- C:\bootsqm.dat [3424]
O44 - LFC:[MD5.0A29D937F8C06EB6C32AE5E52D1A0A26] - 15/10/2013 - 13:20:10 ---A- . (...) -- C:\Windows\ntbtlog.txt [104390]
~ Files: 16 Legitimates Filtered in 00mn 14s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DFEF3EE38F82F87451ADEAC0BE90BD05] - 15/10/2013 - 12:46:38 ---A- - C:\Windows\Prefetch\KDBSYNC.EXE-FEEAE65E.pf
O45 - LFCP:[MD5.F1ABAD17CD93F9FBDDC1C70B8A537803] - 15/10/2013 - 12:52:15 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf
O45 - LFCP:[MD5.F058D894F62E8BF8CB24BD632A07449C] - 15/10/2013 - 13:09:31 ---A- - C:\Windows\Prefetch\REPAIR_WINDOWS.EXE-7AA70A22.pf
O45 - LFCP:[MD5.43D888C4DDB14421224D8801E56E72E1] - 15/10/2013 - 14:21:59 ---A- - C:\Windows\Prefetch\EMULE.EXE-7607EBE0.pf
O45 - LFCP:[MD5.419CEFF98CC38AD29F595160A055C0E7] - 15/10/2013 - 14:23:01 ---A- - C:\Windows\Prefetch\ZUMA.EXE-87B786E0.pf
O45 - LFCP:[MD5.BCDAE4A321015468034030FCF3E25D8F] - 15/10/2013 - 15:56:25 ---A- - C:\Windows\Prefetch\YAHOOWIDGETS.EXE-3F1EBF0D.pf
~ Prefetcher: 110 Legitimates Filtered in 00mn 01s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
~ IFEO: Scanned in 00mn 00s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\Zune Launcher [Key] . (...) -- C:\Program Files\Zune\ZuneLauncher.exe (.not file.)
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.85ECE26F326C2D07BA77A60343468272] - 30/12/2010 - 14:19:40 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [16640]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/10/2013 - 17:23:52 ---A- . (...) -- C:\Users\moi\AppData\Local\Thunderbird\Mozilla Thunderbird\active-update.xml [57] =>.Mozilla Corporation
O61 - LFC: 14/10/2013 - 17:24:22 ---A- . (...) -- C:\Users\moi\Documents\reparation Windows installer.txt [9410]
O61 - LFC: 14/10/2013 - 17:24:27 ---A- . (.ParetoLogic, Inc..) -- C:\Users\moi\Downloads\Repair-tool.exe [5162600] =>PUP.Paretologic
O61 - LFC: 15/10/2013 - 17:24:16 ---A- . (...) -- C:\Users\moi\AppData\Roaming\ZHP\Log.txt [80419] =>.Nicolas Coolman
O61 - LFC: 15/10/2013 - 17:24:16 ---A- . (...) -- C:\Users\moi\AppData\Roaming\ZHP\TestsZHPDiag.txt [2764] =>.Nicolas Coolman
O61 - LFC: 15/10/2013 - 17:24:16 ---A- . (...) -- C:\Users\moi\AppData\Roaming\ZHP\ZHPADSReport.txt [0] =>.Nicolas Coolman
O61 - LFC: 15/10/2013 - 17:24:16 ---A- . (...) -- C:\Users\moi\AppData\Roaming\ZHP\ZHPDiag.txt [49671] =>.Nicolas Coolman
O61 - LFC: 15/10/2013 - 17:24:21 ---A- . (...) -- C:\Users\moi\Documents\rapport.txt [20224]
O61 - LFC: 15/10/2013 - 17:24:23 ---A- . (...) -- C:\Users\moi\Downloads\adwcleaner.exe [1048960]
~ 16 Fichiers temporaires (Temporary files)
~ Files: 205 Legitimates Filtered in 01mn 07s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {F42D4712-298F-4502-8668-7B9940C3FB00} - (BasicSeek) - http://www.basicseek.com =>Hijacker.BasicSeek
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {F42D4712-298F-4502-8668-7B9940C3FB00} - (BasicSeek) - http://www.basicseek.com =>Hijacker.BasicSeek
~ Keys: Scanned in 00mn 00s

---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\moi\Downloads\eMule\Incoming\Movavi Video Converter 11.2 Setup + KeyGen.rar
C:\Users\moi\Downloads\eMule\Incoming\Movavi Video Converter 11.2 Setup + KeyGen.rar
~ Files: Scanned in 03mn 11s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3CE9DE3340D567E49E2A73963AF7A333] [SPRF][02/11/2012] (...) -- C:\Users\moi\AppData\Local\fusioncache.dat [91]
[MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (...) -- C:\Users\moi\AppData\Local\Temp\Quarantine.exe [344355]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{06BC327E-4273-439C-842C-AE8925F46007}C:\program files\rfactor\rfactor.exe" | In - Public - P6 - TRUE | .(.Image Space Incorporated - rFactor.) -- C:\program files\rfactor\rfactor.exe
O87 - FAEL: "UDP Query User{548EA619-CF0A-4625-9777-E34D4DC06661}C:\program files\rfactor\rfactor.exe" | In - Public - P17 - TRUE | .(.Image Space Incorporated - rFactor.) -- C:\program files\rfactor\rfactor.exe
O87 - FAEL: "TCP Query User{A1B79F4D-4B2D-491C-A5C9-CDEC4870AF17}C:\historic gt\rfactor\rfactor.exe" | In - Public - P6 - TRUE | .(.Image Space Incorporated - rFactor.) -- C:\historic gt\rfactor\rfactor.exe
O87 - FAEL: "UDP Query User{09441BCF-7AF3-4A3A-A7C4-9B612BBC1DD1}C:\historic gt\rfactor\rfactor.exe" | In - Public - P17 - TRUE | .(.Image Space Incorporated - rFactor.) -- C:\historic gt\rfactor\rfactor.exe
O87 - FAEL: "TCP Query User{22537BF7-0EDE-44F4-991D-B9433CC44E01}E:\fscommand\updater.exe" |In - Private - P6 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.)
O87 - FAEL: "UDP Query User{D782E6FD-06ED-4DCD-B7B1-F4DF40C71DB4}E:\fscommand\updater.exe" |In - Private - P17 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.)
O87 - FAEL: "{046C1DD1-59F6-44E9-80DC-129D01F368BC}" |In - Public - P17 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.)
O87 - FAEL: "{D9A58951-58DC-41BC-9644-BE434D61B28B}" |In - Public - P6 - TRUE | .(...) -- E:\fscommand\updater.exe (.not file.)
O87 - FAEL: "TCP Query User{3D842AE3-944C-415B-8AF2-E3F922D08744}C:\gplsecrets\igor\igor.exe" | In - Public - P6 - TRUE | .(...) -- C:\gplsecrets\igor\igor.exe
O87 - FAEL: "UDP Query User{C9FA519A-E030-4A56-A45F-80CD144A669F}C:\gplsecrets\igor\igor.exe" | In - Public - P17 - TRUE | .(...) -- C:\gplsecrets\igor\igor.exe
O87 - FAEL: "TCP Query User{F4C60CD9-C19C-4E46-B53F-E99DC0B36F24}C:\gplsecrets\vroc\winvroc\winvroc.exe" | In - Private - P6 - TRUE | .(.Lawrence L. Holbert - Main WinVROC Module.) -- C:\gplsecrets\vroc\winvroc\winvroc.exe
O87 - FAEL: "UDP Query User{75563589-E0F3-4DF8-B0FC-E1E61E4938FA}C:\gplsecrets\vroc\winvroc\winvroc.exe" | In - Private - P17 - TRUE | .(.Lawrence L. Holbert - Main WinVROC Module.) -- C:\gplsecrets\vroc\winvroc\winvroc.exe
O87 - FAEL: "{D9B2BEEE-4EF2-4596-A56C-53088A25AC70}" | In - Public - P17 - TRUE | .(.Lawrence L. Holbert - Main WinVROC Module.) -- C:\gplsecrets\vroc\winvroc\winvroc.exe
O87 - FAEL: "{9935F961-BD46-4009-AD5E-9D74255D3ADE}" | In - Public - P6 - TRUE | .(.Lawrence L. Holbert - Main WinVROC Module.) -- C:\gplsecrets\vroc\winvroc\winvroc.exe
O87 - FAEL: "TCP Query User{3EDDEFA0-D76B-43A5-8468-ABCA42F71C1F}C:\Program Files\lg electronics\lg pc suite\smartsharera.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\lg electronics\lg pc suite\smartsharera.exe
O87 - FAEL: "UDP Query User{498716CB-7A9C-4E77-921F-FF05BD08EDE0}C:\Program Files\lg electronics\lg pc suite\smartsharera.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\lg electronics\lg pc suite\smartsharera.exe
~ Firewall: 273 Legitimates Filtered in 00mn 03s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8F3862F231BD2B7D766A8272CA2FE5C1] [WIS][01/07/2011] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\174e99.msi [121344]
[MD5.92B873BCA64B297A656417BD767D1A3D] [WIS][04/09/2011] (.Carsten Wenzel - Far Cry (Patch 2).) -- C:\Windows\Installer\175e3da.msi [63524352]
[MD5.147D1988AD45E82906385C5C8FFD0264] [WIS][04/09/2011] (.Carsten Wenzel - Far Cry (Patch 1.3).) -- C:\Windows\Installer\18ad000.msi [72567808]
[MD5.A5CCE305668674B827C1003F4241104B] [WIS][11/10/2011] (.Team Players - Team Players Corvette C6R.) -- C:\Windows\Installer\1b3e0a9.msi [86168100]
[MD5.D2DEB536BFDD0F334A7D573ED56518C4] [WIS][17/08/2011] (.None - PixiePack Codec Pack.) -- C:\Windows\Installer\1d382ea.msi [325120]
[MD5.88C07DBA19B120B0A49DD63985D42131] [WIS][05/09/2011] (.Carsten Wenzel - Far Cry (Patch 1.31).) -- C:\Windows\Installer\2be874.msi [8463360]
[MD5.4387BCB6D9F7AACFFB52D06CB608D1DC] [WIS][05/09/2011] (.Carsten Wenzel - Far Cry (Patch 1.32).) -- C:\Windows\Installer\2be88e.msi [20801536]
[MD5.B30998DA769EC03AEEB59CE034A4A260] [WIS][05/09/2011] (.Denis Barth - Far Cry (Patch 1.33).) -- C:\Windows\Installer\2be8a9.msi [21384704]
[MD5.B670A591B510AEF7C334B7C727E30B7A] [WIS][05/09/2011] (.Denis Barth - Far Cry (Patch 1.4).) -- C:\Windows\Installer\58168e.msi [128876544]
[MD5.80FDE84F1454AA3720C35D38D7D76CA7] [WIS][25/06/2011] (.NETGEAR - WG311v3.) -- C:\Windows\Installer\599d1.msi [4003840]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\5d7e5.msi [459264]
[MD5.D2F34AF196CCAF29A124324392FC3DFF] [WIS][11/05/2013] (.Valve Corporation - Steam.) -- C:\Windows\Installer\71d391.msi [8532992]
[MD5.76A80F4FE7222D1F8BC3B4282B3A3265] [WIS][09/10/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\8e983.msi [22413312]
~ WIS: 191 Legitimates Filtered in 00mn 37s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 15/02/2013 219136 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 16/11/2012 291840 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 20/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/05/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 27/09/2010 4180576 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe
SR - | Demand 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2012 1828496 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 01/10/2012 295224 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 16/03/2007 537520 | (lxbc_device) . (...) - C:\Windows\system32\lxbccoms.exe
SR - | Auto 22/04/2013 754000 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 01/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/09/2013 1435928 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
SS - | Auto 10/07/1658 0 | (SafetyNutManager) . (...) - C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe =>Adware.Bandoo
SS - | Demand 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 04/10/2012 529744 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 38s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by moi at 15/10/2013 17:29:04
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 12948 - (15/10/2013)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 2
[HKLM\SYSTEM\CurrentControlSet\Services\SafetyNutManager] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKCU\Software\PIP] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low
Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider C:\Users\moi\AppData\Roaming\CRDeltaTB =>Toolbar.DeltaSearch^ C:\Users\moi\AppData\Local\Updater27096 =>PUP.CrossRider^ C:\Users\moi\Downloads\Repair-tool.exe =>PUP.Paretologic^ C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe =>Adware.Bandoo^ ~ Additionnel Scan: 419195 Items scanned in 00mn 54s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader ~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard ~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel ~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic ~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ MSI: 11 link(s) detected in 00mn 54s ~ 2452 Legitimates filtered by white list End of the scan (573 lines in 10mn 39s)(2)