Hello G225,
Here are my 3 texts ... let's hope!
MBAM: Malwarebytes Anti-Malware
www.malwarebytes.org
Date de l'examen: 19/02/2015
Heure de l'examen: 12:48:45
Fichier journal: Mbam.txt
Administrateur: Oui
Version: 2.00.4.1028
Base de données Malveillants: v2015.02.19.05
Base de données Rootkits: v2015.02.03.01
Licence: Premium
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Auto-protection: Activé(e)
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Admin
Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 372881
Temps écoulé: 12 min, 40 sec
Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)
Processus: 0
(Aucun élément malicieux detecté)
Modules: 0
(Aucun élément malicieux detecté)
Clés du Registre: 0
(Aucun élément malicieux detecté)
Valeurs du Registre: 0
(Aucun élément malicieux detecté)
Données du Registre: 0
(Aucun élément malicieux detecté)
Dossiers: 0
(Aucun élément malicieux detecté)
Fichiers: 0
(Aucun élément malicieux detecté)
Secteurs physiques: 0
(Aucun élément malicieux detecté)
(end)
AdwCleaner[S0]:
# AdwCleaner v4.111 - Rapport créé le 19/02/2015 à 13:21:16
# Mis à jour le 18/02/2015 par Xplode
# Base de données : 2015-02-18.3 [Serveur]
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (x64)
# Nom d'utilisateur : Admin - ORDI-6
# Exécuté depuis : G:\Download\0-C\AdwCleaner\adwcleaner.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Tâches planifiées ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v10.0.9200.17229
-\\ Google Chrome v
*************************
AdwCleaner[R27].txt - [806 octets] - [31/12/2014 01:00:33]
AdwCleaner[R28].txt - [1480 octets] - [21/01/2015 12:59:00]
AdwCleaner[R29].txt - [1584 octets] - [06/02/2015 23:22:05]
AdwCleaner[R30].txt - [1077 octets] - [09/02/2015 17:36:48]
AdwCleaner[R31].txt - [1139 octets] - [12/02/2015 17:15:09]
AdwCleaner[R32].txt - [1200 octets] - [18/02/2015 19:40:51]
AdwCleaner[R33].txt - [1261 octets] - [19/02/2015 13:19:25]
AdwCleaner[S20].txt - [1550 octets] - [21/01/2015 13:01:03]
AdwCleaner[S21].txt - [1659 octets] - [06/02/2015 23:24:20]
AdwCleaner[S22].txt - [1184 octets] - [19/02/2015 13:21:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S22].txt - [1245 octets] ##########
ZHPDiag:
~ Rapport de ZHPDiag v2015.2.19.21 - Nicolas Coolman (19/02/2015)
~ Lancé par Admin (19/02/2015 13:40:03)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.17229 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : V4W4B
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.4.1028
Windows Defender W7 (Deactivate)
---\\ Logiciels d'optimisation du système
CCleaner v5.01
---\\ Logiciels de partage PeerToPeer
µTorrent v3.1.3 =>P2P.µTorrent
---\\ Surveillance de Logiciels
Adobe Flash Player 16 ActiveX
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8087 MB (67% free)
System Restore: Désactivé (Disabled)
System drive C: has 113 GB (62%) free of 180 GB
---\\ Mode de connexion au système
~ Computer Name: ORDI-6
~ User Name: Admin
~ All Users Names: UpdatusUser, Administrateur, Admin,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Admin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Admin\AppData\Roaming\
~ %Desktop% : C:\Users\Admin\Desktop\
~ %Favorites% : F:\Favoris\
~ %LocalAppData% : C:\Users\Admin\AppData\Local\
~ %StartMenu% : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 113 Go of 180 Go)
D: Hard drive, Flash drive, Thumb drive (Free 5 Go of 8 Go)
E: Hard drive, Flash drive, Thumb drive (Free 6 Go of 12 Go)
F: Hard drive, Flash drive, Thumb drive (Free 9 Go of 10 Go)
G: Hard drive, Flash drive, Thumb drive (Free 432 Go of 721 Go)
U: Hard drive, Flash drive, Thumb drive (Free 2103 Go of 3726 Go)
V: CD-ROM drive (Not Inserted)
W: CD-ROM drive (Not Inserted)
X: CD-ROM drive (Not Inserted)
Y: CD-ROM drive (Not Inserted)
Z: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyPics: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D214A7272A039B63E1DBCF6C249BC500] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/01/2015 - 07:59:28.) -- C:\Windows\System32\wininet.dll [2237952]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 07:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1533
~ Mes musiques (My Musics) : 1/270
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/557
~ Mes Documents (My Documents) : 1/1490
~ Mon Bureau (My Desktop) : 0/201
~ Menu demarrer (Programs) : 1/419
~ Hidden Files: Scanned in 00mn 02s
---\\ Processus lancés
[MD5.4BA84C832E0741A294C4444556DFE993] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928] [PID.2088]
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- D:\Applis\0-C\AM\MalwarebytesAnti-Malware\mbam.exe [7229752] [PID.4240]
[MD5.A0C88349651D9F5421AFD363C27102E8] - (.Symantec Corporation - Norton 360.) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040] [PID.2196]
[MD5.AE106E133C8660AB8B78CD67C9004A5B] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe [16764688] [PID.3064]
[MD5.784C46078733CE7915B0810E1DD2FB34] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [1112656] [PID.5380]
[MD5.74422E42099FDA6E206E0DA0112B3A8F] - (.Samsung Electronics Co., Ltd. - Smart Setting Program.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2277256] [PID.5396]
[MD5.FF4F0A9F049A5E5FADF0FE4DD0E63D63] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [784264] [PID.5404]
[MD5.5AB7CCCEB94C3C9ECE35142CCC527B0D] - (.Samsung Electronics - Easy Speed Up Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [1640328] [PID.5412]
[MD5.9806EAFE682766EADEE921DCBDA5231A] - (.Heidi Computers Ltd - Eraser..) -- D:\Applis\D-F\Eraser\eraser.exe [634880] [PID.1680]
[MD5.BE0186C2984A1A04E84FF94EE07ACA0C] - (.TomTom - MyDrive Connect.) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376] [PID.4516]
[MD5.D192592FD0A99D9F360906D3F6DFBFF1] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928] [PID.4524]
[MD5.CD728F3C52C78B01F3C4E4C586B4ABB7] - (.Acronis - Acronis True Image Monitor.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7842712] [PID.5900]
[MD5.3BB92560C86512348B53A0F4436044E7] - (.Acronis International GmbH - Acronis TIB Mounter Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104320] [PID.6456]
[MD5.B793DDE01D181ED91F333BF10FE2FC50] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168] [PID.6668]
[MD5.7F42FFCD6FF7CA558C2D95DADCD5EFA9] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440] [PID.6128]
[MD5.E3D5C5E7D2E4A77D96153F0FBBE0FAA3] - (...) -- C:\Program Files (x86)\FDD + FMD Combo Reader\CZFMDxpk.exe [266240] [PID.1316]
[MD5.403E928BA217E38485009636C793F3C9] - (...) -- D:\Applis\T-V\Unlocker\UnlockerAssistant.exe [15872] [PID.5944]
[MD5.6364FA7D825B600251A4D1DE7D6FF695] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.2248]
[MD5.E7614A53164694FBC124130729CED616] - (.H+H Software GmbH - Virtual CD - Player.) -- D:\Applis\T-V\VCDv10\System\VC10Play.exe [411976] [PID.6180]
[MD5.31E3CDEABD9F89AED78C08A391D6A7D2] - (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136] [PID.716]
[MD5.3DF7AC30A381C57D0C70EAEFEE3C4EF2] - (.Google Inc. - Gmail Notifier.) -- D:\Applis\G-I\GMailNotify\Gmail Notifier\gnotify.exe [479232] [PID.7012]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.6140]
[MD5.3F63F9C37038D314356F0CBD59415A11] - (.Pas de propriétaire - Application MFC hyperappel.) -- D:\Applis\J-L\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [237568] [PID.416]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3804]
[MD5.ED6F2C71F147276CC162DA771A9D9E18] - (.H+H Software GmbH - Virtual CD - Quick Start Utility.) -- D:\Applis\T-V\VCDv10\System\VC10Tray.exe [323912] [PID.5432] =>PUP.QuickStart
[MD5.6D228FD62AB416C076D2E4B944DDA4FB] - (.H+H Software GmbH - Forward COM-Server.) -- D:\Applis\T-V\VCDv10\System\vc10fwd.exe [85320] [PID.5284]
[MD5.0D7CED1848C5B2F8FE78D54FE33FF17C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8175616] [PID.6748]
[MD5.02B6AA01C06BAEFFD6573EBAB2B8B677] - (...) -- C:\Program Files (x86)\FDD + FMD Combo Reader\Czfmdser.exe [28672] [PID.1732]
[MD5.E54DA03A8EEB8C002C6F2E709B08651A] - (.Ellora Assets Corp. - CaptureLibService.) -- D:\Applis\D-F\Freemake\CaptureLib\CaptureLibService.exe [9216] [PID.1912]
[MD5.54C6B346D6FF1944A6E7587EB4942589] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165664] [PID.1312]
[MD5.0BB29DE40C9D9529793DCDB59A43CF5B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- D:\Applis\0-C\AM\MalwarebytesAnti-Malware\mbamscheduler.exe [1871160] [PID.1156]
[MD5.5F82D8188B370B0CF185D4AE2B9B4A0E] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- D:\Applis\0-C\AM\MalwarebytesAnti-Malware\mbamservice.exe [969016] [PID.2060]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2160]
[MD5.5E66ABD041D76C46CBF55AEF910FCA56] - (...) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624] [PID.2396]
[MD5.37A33B6CA6CC370C1B269DDDCA716F06] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176] [PID.2596]
[MD5.17DFE3E67A89721AF755117E5EAAA9A7] - (.H+H Software GmbH - Virtual CD - Management Service.) -- D:\Applis\T-V\VCDv10\System\VC10SecS.exe [144712] [PID.2860]
[MD5.AFA293DAE84019BB65E17F926E9F5185] - (.Western Digital Technologies, Inc. - WD Drive Service.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704] [PID.3048]
[MD5.3A164E4C3F453230B6F6C3BD319D83C1] - (.Western Digital Technologies, Inc. - WD Backup Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808] [PID.3204]
[MD5.83BB030C71C9727DCFB2737005772C4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe [232264] [PID.4828]
[MD5.54BB9A16DFBE1D39E1C71A5DE453785D] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe [229136] [PID.5664]
[MD5.F9786A8C30798EB9FA64D226B08E6BF4] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1095616] [PID.5892]
[MD5.05043E2CD76CCEA2F71F56C2A16C4D85] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1333184] [PID.3088]
[MD5.120E270AE4C75459051AA1D56ECBDE49] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1124288] [PID.6240]
[MD5.EA7E57F87D6FEE5FD6C5F813C04E8CD2] - (.Brother Industries, Ltd. - BrYNCSvc.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760] [PID.5592]
[MD5.777788D9B63CCEEEF2DB353BA4EDD454] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14904] [PID.7496]
[MD5.CA759506BF0C7186A9B6B90551353E3B] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824] [PID.7332]
[MD5.4BE94D758691FAA00181F799CF528088] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277792] [PID.7956]
[MD5.B509744A1DC808B32D67DEABB3B82470] - (.Acronis - TrueImage Sync Agent Service.) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7151024] [PID.7608]
[MD5.C3F2CA25E371DA2EB0AE13DDF9484FDE] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [364832] [PID.6684]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Désactivé)
G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5023, (Désactivé)
G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.2.0 (Activé)
G2 - GCE: Preference [User Data\Default] [fadgflmigmogfionelcpalhohefbnehm] Block Yourself from Analytics v.2.3.0 (Activé)
G2 - GCE: Preference [User Data\Default] [iikflkcanblccfahdhdonehdalibjnif] Norton Identity Safe v.1.0.5 (Désactivé)
G2 - GCE: Preference [User Data\Default] [jpnbcnjminaklpgemhabgehipdlpcono] FreeHDSport TV V7.0 v.1.26.13, (Activé) =>Hijacker.FreehdsportTV
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.8.59 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 29 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com
~ IE Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15423)
~ Hosts File: Scanned in 00mn 06s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- D:\Applis\0-C\ClassicShell\ClassicExplorer64.dll
O3 - Toolbar: (no name) - [HKLM]{57434C32-2D56-3700-76A7-7A786E7484D7} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Admin]: Applian Director.lnk . (.Applian Technologies Inc. - Applian Director.) -- C:\Program Files (x86)\Applian Director 3\Director.exe =>PUP.ApplianTechnologies
O4 - GS\QuickLaunch [Admin]: RepConvert4.lnk . (.(Author: Mike Christensen) Applian Technolo - Replay Converter.) -- D:\Applis\P-S\ReplayCaptureSuite\ReplayConverter.exe =>PUP.ApplianTechnologies
O4 - GS\QuickLaunch [Admin]: RepMusic6.lnk . (.(Author: Mike Christensen) Applian Technolo - Replay Music.) -- D:\Applis\P-S\ReplayCaptureSuite\ReplayMusic.exe =>PUP.ApplianTechnologies
O4 - GS\QuickLaunch [Admin]: RepVidCap7.lnk . (.AllAlex, Inc / Applian Technnologies, Inc - Replay Video Capture Startup.) -- D:\Applis\P-S\ReplayCaptureSuite\RVC.exe =>PUP.ApplianTechnologies
~ Global Startup: 4 Legitimates Filtered in 00mn 06s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Classic Start Menu] . (.IvoSoft - Classic Start Menu.) -- D:\Applis\0-C\ClassicShell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Eraser] . (.Heidi Computers Ltd - Eraser..) -- D:\Applis\D-F\Eraser\eraser.exe
O4 - HKCU\..\Run: [MyDriveConnect.exe] . (.TomTom - MyDrive Connect.) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- D:\Applis\0-C\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [AcronisTibMounterMonitor] . (.Acronis International GmbH - Acronis TIB Mounter Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] :C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-808812791-3364131652-3434471583-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-808812791-3364131652-3434471583-1001\..\Run: [Eraser] . (.Heidi Computers Ltd - Eraser..) -- D:\Applis\D-F\Eraser\eraser.exe
O4 - HKUS\S-1-5-21-808812791-3364131652-3434471583-1001\..\Run: [MyDriveConnect.exe] . (.TomTom - MyDrive Connect.) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
O4 - HKUS\S-1-5-21-808812791-3364131652-3434471583-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- D:\Applis\0-C\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-808812791-3364131652-3434471583-1001\..\Run: [WSHelperSetup.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Classic IE Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AE2719-13E1-4508-8AED-93626E073462}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpNameServer = 127.0.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpDomain = smallbusiness.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{C4AE2719-13E1-4508-8AED-93626E073462}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpNameServer = 127.0.0.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpDomain = smallbusiness.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{C4AE2719-13E1-4508-8AED-93626E073462}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpNameServer = 127.0.0.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7772B2B7-66EB-4000-A9CE-9F6F2323FAA7}: DhcpDomain = smallbusiness.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D22D302-AB26-49E1-BFB0-F2387D123BC6}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Jaksta Technologies Pty Ltd - Jaksta audio capture.) - C:\windows\Jaksta\AC\x64\jaudcap.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: CZFMDSER.EXE (CZFMDSER.EXE) . (...) - C:\Program Files (x86)\FDD_FM~1\CZFMDSER.exe
O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) . (...) - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
O23 - Service: Virtual CD v10 Management Service (VC10SecS) . (.H+H Software GmbH - Virtual CD - Management Service.) - D:\Applis\T-V\VCDv10\System\VC10SecS.exe
~ Services: 34 Legitimates Filtered in 00mn 10s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4670] (...) -- C:\Users\Admin\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Wise Disk Cleaner Schedule Task] (...) -- D:\Applis\W-Z\Wise Disk Cleaner\WiseDiskCleaner.exe (.not file.) [0]
[MD5.6F5C5DFBB3A7BB1B5F4E5C33DA6F816A] [APT] [{33743ED0-F388-44D3-9263-1B87E98A48AD}] (.Yellow Computing Germany.) -- F:\Casio\SFIWIN.exe [1345216]
[MD5.A58EF83194500CE63AB3C33060816C14] [APT] [{3F59F408-84EE-4151-997B-53BDE3CC137A}] (.Fridgesoft.) -- D:\Applis\G-I\HardDiskOgg\Harddisk.exe [513536]
[MD5.6F5C5DFBB3A7BB1B5F4E5C33DA6F816A] [APT] [{5BCBEAF6-D55D-4471-8347-A4987655C219}] (.Yellow Computing Germany.) -- F:\Casio\SFIWIN.exe [1345216]
[MD5.00000000000000000000000000000000] [APT] [{67A8EA29-2AF4-447A-934A-DB2C5121DB74}] (...) -- Y:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6F04F360-6C78-4DE0-BE83-329829A23C9A}] (...) -- G:\Download\0-C\CanonDriver\Twain\lide20lide30n670un676un1240uvst7031a_xpfr\SetupSG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6FF8A273-A193-467A-848D-5CC7169250AF}] (...) -- G:\Download\0-C\CanonDriver\Twain\lide20lide30n670un676un1240uvst7031a_xpfr\SetupSG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{890F62F6-B447-4CB5-9979-2762D976FF07}] (...) -- Y:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8AF505CA-23CE-49A6-8EEE-C4094F85174C}] (...) -- Y:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8CCE2D2-6C78-419A-843C-73E9D7394F72}] (...) -- W:\Start.exe (.not file.) [0]
[MD5.6F5C5DFBB3A7BB1B5F4E5C33DA6F816A] [APT] [{D6243147-8322-4FC6-AC53-45547C291761}] (.Yellow Computing Germany.) -- F:\Casio\SFIWIN.exe [1345216]
[MD5.00000000000000000000000000000000] [APT] [{EEAE95DD-FA4B-4F8C-9B33-6A0EEAF78711}] (...) -- G:\install.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: Wise Disk Cleaner Schedule Task - (...) -- C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job [388]
O39 - APT: Wise Disk Cleaner Schedule Task - (...) -- C:\Windows\System32\Tasks\Wise Disk Cleaner Schedule Task [388]
~ Scheduled Task: 37 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {57434C32-2D56-3700-76A7-A758B70C0A06} =>Toolbar.Avira
O42 - Logiciel: MiniGet 1.0.8.2504 - (.MiniGet.) [HKLM][64Bits] -- MiniGet
O42 - Logiciel: STX OpenClose 2.0 - (.STX.) [HKLM][64Bits] -- STX OpenClose_is1
O42 - Logiciel: SafeIP - (.SafeIP.) [HKLM][64Bits] -- SAFEIP_is1
O42 - Logiciel: The Weather Channel App - (.The Weather Channel.) [HKLM][64Bits] -- {167158CE-1637-4167-8A1C-C2549EEA966A}
O42 - Logiciel: Virtual CD v10 - (.H+H Software GmbH.) [HKLM][64Bits] -- {10C51313-A308-4B40-90E3-B368D5882660}
~ Logic: 51 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\49030InstEnd]
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\Rapid Environment Editor]
[HKCU\Software\SafeIP]
[HKCU\Software\SecretSauce] =>Adware.SecretSauce
[HKCU\Software\The Weather Channel]
[HKCU\Software\Video Padlock]
[HKLM\Software\Wow6432Node\KSW]
[HKLM\Software\Wow6432Node\SecretSauce] =>Adware.SecretSauce
[HKLM\Software\Wow6432Node\Video Padlock]
[HKLM\Software\Wow6432Node\WafCX]
~ Key Software: 589 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/02/2015 - 17:41:41 - [] ----D C:\Program Files (x86)\MiniGet
O43 - CFD: 19/02/2015 - 04:15:38 - [] ----D C:\Program Files (x86)\MyDrive Connect
O43 - CFD: 17/09/2012 - 18:49:44 - [] ----D C:\Program Files (x86)\Virtual CD v9
O43 - CFD: 28/09/2012 - 10:49:53 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 30/01/2014 - 00:23:06 - [] ----D C:\ProgramData\ClassicShell
O43 - CFD: 03/02/2015 - 19:38:33 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 14/06/2014 - 10:17:05 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Admin
O43 - CFD: 12/02/2014 - 17:19:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Object Rexx
O43 - CFD: 03/03/2012 - 06:34:23 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/05/2014 - 18:24:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
O43 - CFD: 09/09/2014 - 11:17:56 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Useless
O43 - CFD: 28/06/2014 - 19:29:04 - [] ----D C:\Users\Admin\AppData\Roaming\BBCiPlayerDownloads
O43 - CFD: 19/02/2015 - 01:54:23 - [] ----D C:\Users\Admin\AppData\Roaming\ClassicShell
O43 - CFD: 15/01/2015 - 10:15:20 - [0] ----D C:\Users\Admin\AppData\Roaming\HMYGSetting
O43 - CFD: 12/02/2015 - 17:15:44 - [] ----D C:\Users\Admin\AppData\Roaming\MiniGet
O43 - CFD: 30/07/2014 - 15:00:00 - [] ----D C:\Users\Admin\AppData\Roaming\Replay Radio 9
O43 - CFD: 18/10/2012 - 16:34:37 - [] -S--D C:\Users\Admin\AppData\Roaming\Virtual CD v10
O43 - CFD: 30/07/2014 - 14:58:49 - [] ----D C:\Users\Admin\AppData\Roaming\WMBrowser
O43 - CFD: 29/12/2014 - 18:21:49 - [0] ----D C:\Users\Admin\AppData\Local\com
O43 - CFD: 11/02/2015 - 14:21:44 - [] ----D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Admin
O43 - CFD: 12/02/2015 - 17:15:44 - [] ----D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiniGet
O43 - CFD: 05/05/2014 - 16:22:06 - [] --H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
~ Program Folder: 314 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.623D94E5AF08EBB3F3D89CCC35260613] - 12/02/2015 - 02:27:38 ---A- . (...) -- C:\Windows\System32\TeamViewer10_Hooks.log [3198]
O44 - LFC:[MD5.37CA83ED8A5E99DFA719126254D737A0] - 19/02/2015 - 11:19:11 ---A- . (...) -- C:\Windows\BRCALIB.INI [334]
~ Files: 80 Legitimates Filtered in 00mn 01s
---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{8b599d3d-fe80-11e1-84d3-c485083917b8}\AutoRun\command. (...) -- X:\start.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NavX-Sync [Key] . (...) -- :"D:\Applis\M-O\Navx\Sync\NavxSync.exe (.not file.)
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:05/12/2011 - 01:22:58 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [195584]
O58 - SDL:21/10/2011 - 14:13:54 ----- . (...) -- C:\Windows\System32\Drivers\AQFileRestore.sys [21040]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:09/07/2009 - 10:24:30 ---A- . (.H+H Software GmbH - H+H CDROM Helper 64-Bit Driver.) -- C:\Windows\System32\Drivers\HH10Help.sys [24088]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:15/08/2014 - 23:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:17/06/2008 - 08:22:24 ---A- . (.H+H Software GmbH - Virtual CD - BusEnumerator 64-Bit Driver.) -- C:\Windows\System32\Drivers\vcd10bus.sys [40464]
O58 - SDL:19/04/2011 - 07:53:32 ---A- . (.H+H Software GmbH - Virtual CD - XP/2003/Vista/Win7 Driver 64-Bit.) -- C:\Windows\System32\Drivers\vdrv1000.sys [223256]
O58 - SDL:17/03/2009 - 16:37:12 ---A- . (.H+H Software GmbH - Virtual CD - XP / 2003 / Vista Driver 64-Bit.) -- C:\Windows\System32\Drivers\vdrv9000.sys [129048]
O58 - SDL:29/07/2011 - 12:54:56 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [16776]
O58 - SDL:29/07/2011 - 12:54:56 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9096]
O58 - SDL:30/09/2013 - 16:26:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152]
O58 - SDL:30/09/2013 - 16:26:48 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504]
O58 - SDL:25/07/2012 - 19:30:30 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AQFileRestore.sys [21120]
O58 - SDL:15/11/2000 - 13:32:38 ---A- . (...) -- C:\Windows\SysWOW64\drivers\UNINST2K.SYS [2204]
O58 - SDL:29/07/2011 - 12:54:56 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14216]
O58 - SDL:29/07/2011 - 12:54:56 ---A- . (...) -- C:\Windows\SysWOW64\EuGdiDrv.sys [8456]
~ Drivers: 125 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
~ Legacy: 121 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3B67C4FD14BE2E8E16488DBE31294653] [SPRF][25/08/2006] (...) -- C:\Users\Admin\Desktop\ClearTray.reg [328]
[MD5.ACF06DAF60522C8A1BD3D8C25D81E83C] [SPRF][18/01/2012] (...) -- C:\Users\Admin\Desktop\Reload.bat [51]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{35A1071C-E0C4-49B0-BFA7-52C01F975617}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- D:\Applis\T-V\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{43695BD3-511F-4FFE-A136-4806F18129DE}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- D:\Applis\T-V\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "23C4347565D20073677A7A857BC0A060" . (.Ask Toolbar.) -- C:\windows\Installer\{57434C32-2D56-3700-76A7-A758B70C0A06}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.44D05F26969FD1BDA752EBD991EF2A4D] [WIS][04/04/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\5796449.msi [464384] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 07s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 25/07/2012 311544 | (.AVQWindowsMonitorService) . (.Avanquest Software.) - C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
SS - | Disabled 22/02/2014 3898360 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Disabled 25/07/2012 80816 | (AQFileRestoreSrv) . (.Avanquest Software.) - C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
SS - | Demand 22/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Disabled 25/07/2012 532952 | (Fix-It Task Manager) . (.Avanquest Software.) - C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 12/11/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/11/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/12/2011 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 01/12/2012 890216 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SS - | Demand 02/05/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
SS - | Disabled 10/02/2013 3808960 | (SafeIPS) . (.SafeIP.) - D:\Applis\P-S\SafeIP\SafeIPs.exe
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 21/10/2013 3018800 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 08/12/2011 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
SR - | Auto 18/07/2013 1143368 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Auto 05/12/2011 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 18/06/2012 1095616 | (Bluetooth Device Monitor) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Auto 18/06/2012 1333184 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 18/06/2012 1124288 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SR - | Auto 05/12/2011 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 20/08/2004 28672 | C:\Program Files (x86)\FDD_FM~1\CZFMDSER.exe (CZFMDSER.EXE) . (...) - C:\Program Files (x86)\FDD + FMD Combo Reader\Czfmdser.exe
SR - | Auto 01/04/2011 2635088 | (Diskeeper) . (.Diskeeper Corporation.) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
SR - | Auto 08/12/2011 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 23/09/2011 79664 | (ExpressCache) . (.Diskeeper Corporation.) - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
SR - | Auto 13/01/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - D:\Applis\D-F\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 19/11/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/07/2012 636952 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 23/08/2012 129824 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 27/01/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 23/08/2012 165664 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 22/10/2012 277792 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 21/11/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - D:\Applis\0-C\AM\MalwarebytesAnti-Malware\mbamscheduler.exe
SR - | Auto 21/11/2014 969016 | (MBAMService) . (.Malwarebytes Corporation.) - D:\Applis\0-C\AM\MalwarebytesAnti-Malware\mbamservice.exe
SR - | Auto 05/12/2012 143928 | (MCLIENT) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
SR - | Auto 21/09/2014 265040 | (N360) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe
SR - | Auto 01/03/2011 27648 | C:\windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 16/05/2012 117760 | (RXAPI) . (.Rexx Language Association.) - C:\Program Files\ooRexx\rxapi.exe
SR - | Auto 13/02/2012 31624 | (SamsungDeviceConfigurationWinService) . (...) - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
SR - | Auto 04/02/2014 7151024 | (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SR - | Auto 09/02/2015 5436176 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 22/10/2012 364832 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 20/05/2011 144712 | (VC10SecS) . (.H+H Software GmbH.) - D:\Applis\T-V\VCDv10\System\VC10SecS.exe
SR - | Auto 02/11/2013 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 02/11/2013 270704 | (WDDriveService) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13008 - (19/02/2015)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5
[HKLM\Software\Google\Chrome\Extensions\jpnbcnjminaklpgemhabgehipdlpcono] =>Hijacker.FreehdsportTV^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57434C32-2D56-3700-76A7-A758B70C0A06}] =>Toolbar.Avira^
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbcnjminaklpgemhabgehipdlpcono =>Hijacker.FreehdsportTV^
D:\Applis\T-V\VCDv10\System\VC10Tray.exe =>PUP.QuickStart^
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
[HKCU\Software\SecretSauce] =>Adware.SecretSauce^
[HKLM\Software\Wow6432Node\SecretSauce] =>Adware.SecretSauce^
C:\Windows\Installer\5796449.msi =>Toolbar.Avira^
~ Additionnel Scan: 378186 Items scanned in 00mn 29s
---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-quickstart =>PUP.QuickStart
http://nicolascoolman.fr/hijacker-freehdsporttv =>Hijacker.FreehdsportTV
http://www.nicolascoolman.fr/blog/ =>PUP.ApplianTechnologies
http://nicolascoolman.fr/hijacker-beamrise =>Hijacker.Beamrise
http://nicolascoolman.fr/adware-secretsauce =>Adware.SecretSauce
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 6 link(s) detected in 00mn 00s
~ 1299 Legitimates filtered by white list
End of the scan (621 lines in 01mn 39s)(0.11)