Windows est lent au demarrage
Résolu/Fermé
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
-
9 août 2014 à 20:51
yoyo5406 Messages postés 151 Date d'inscription mardi 30 octobre 2012 Statut Membre Dernière intervention 1 juillet 2020 - 10 août 2014 à 09:11
yoyo5406 Messages postés 151 Date d'inscription mardi 30 octobre 2012 Statut Membre Dernière intervention 1 juillet 2020 - 10 août 2014 à 09:11
A voir également:
- Windows est lent au demarrage
- Pc lent au démarrage - Guide
- Programme au démarrage windows 10 - Guide
- Problème démarrage windows 10 - Guide
- Reinitialiser pc au demarrage - Guide
- Forcer demarrage pc - Guide
14 réponses
Utilisateur anonyme
9 août 2014 à 20:56
9 août 2014 à 20:56
Bonsoir
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://nicolascoolman.eu
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Une fois le téléchargement achevé,
Double-clique sur l'icône pour lancer le programme. Sous Vista ; Seven ou Windows 8 clic droit « exécuter en tant que administrateur »
Dans la fenêtre ZHPDiag qui vient de s'ouvrir, clique sur "Configurer"
Clique sur la loupe en bas à gauche avec le signe plus pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Un rapport s'ouvre. Ce rapport se trouve également sur ton bureau
Pour transmettre le rapport clique sur ce lien:
http://pjjoint.malekal.com/
Si problème utilise un des suivants
https://forums-fec.be/upload
https://www.cjoint.com/
Regarde sur le bureau
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://nicolascoolman.eu
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Une fois le téléchargement achevé,
Double-clique sur l'icône pour lancer le programme. Sous Vista ; Seven ou Windows 8 clic droit « exécuter en tant que administrateur »
Dans la fenêtre ZHPDiag qui vient de s'ouvrir, clique sur "Configurer"
Clique sur la loupe en bas à gauche avec le signe plus pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Un rapport s'ouvre. Ce rapport se trouve également sur ton bureau
Pour transmettre le rapport clique sur ce lien:
http://pjjoint.malekal.com/
Si problème utilise un des suivants
https://forums-fec.be/upload
https://www.cjoint.com/
Regarde sur le bureau
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 22:06
9 août 2014 à 22:06
Merci beaucoup , voila le rapport :
https://pjjoint.malekal.com/files.php?id=20140809_j10t1213n11n14
https://pjjoint.malekal.com/files.php?id=20140809_j10t1213n11n14
Utilisateur anonyme
9 août 2014 à 22:08
9 août 2014 à 22:08
Re
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Scanner] puis patiente le temps du scan.
Une fois le scan terminé clique sur le bouton [Nettoyer]
Patiente durant le nettoyage. Lis le message qui apparaît, puis clique sur Ok . Le PC va être redémarré automatiquement et le rapport s'ouvrira à la fin du redémarrage.
Poste le rapport
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
A lire :
Les programmes potentiellement indésirables :
https://www.malekal.com/adwares-pup-protection/
Les toolbars, c'est pas obligatoire ( par Malekal ) :https://forum.malekal.com/viewtopic.php?t=6173&start=
@+
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Scanner] puis patiente le temps du scan.
Une fois le scan terminé clique sur le bouton [Nettoyer]
Patiente durant le nettoyage. Lis le message qui apparaît, puis clique sur Ok . Le PC va être redémarré automatiquement et le rapport s'ouvrira à la fin du redémarrage.
Poste le rapport
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
A lire :
Les programmes potentiellement indésirables :
https://www.malekal.com/adwares-pup-protection/
Les toolbars, c'est pas obligatoire ( par Malekal ) :https://forum.malekal.com/viewtopic.php?t=6173&start=
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 22:20
9 août 2014 à 22:20
Le rapport de AdwCleaner :
# AdwCleaner v3.304 - Report created 09/08/2014 at 23:15:39
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Yoni - YONI-PC
# Running from : C:\Users\Yoni\Downloads\adwcleaner_3.304.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SystemkService
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\systemk
[!] Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Yoni\AppData\Local\Conduit
Folder Deleted : C:\Users\Yoni\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Yoni\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Yoni\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Yoni\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Yoni\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
File Deleted : C:\END
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=419&src=ds&p={searchTerms}
Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
*************************
AdwCleaner[R0].txt - [6201 octets] - [09/08/2014 23:15:08]
AdwCleaner[S0].txt - [5663 octets] - [09/08/2014 23:15:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5723 octets] ##########
Ca a l'air d'avoir marche car le redemarrage a dure 30 secondes LOL
Merci beaucoup !!!
# AdwCleaner v3.304 - Report created 09/08/2014 at 23:15:39
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Yoni - YONI-PC
# Running from : C:\Users\Yoni\Downloads\adwcleaner_3.304.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SystemkService
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\systemk
[!] Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Yoni\AppData\Local\Conduit
Folder Deleted : C:\Users\Yoni\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Yoni\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Yoni\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Yoni\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Yoni\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
File Deleted : C:\END
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=419&src=ds&p={searchTerms}
Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
*************************
AdwCleaner[R0].txt - [6201 octets] - [09/08/2014 23:15:08]
AdwCleaner[S0].txt - [5663 octets] - [09/08/2014 23:15:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5723 octets] ##########
Ca a l'air d'avoir marche car le redemarrage a dure 30 secondes LOL
Merci beaucoup !!!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
9 août 2014 à 22:23
9 août 2014 à 22:23
Re
Télécharge Malwaresbytes anti malware ici
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
--->> Installe le (choisis bien français ); ne modifie pas les paramètres d'installe
--->> Décoche la case Activer l'essai gratuit de Malwarebytes Anti-Malware Premium à la fin de l'installation
--->> /!\ Utilisateurs de Vista/7/8/8.1 : faire un clic droit sur le raccourci de MalwareBytes' Anti-Malware et choisir Exécuter en tant qu'administrateur
--->> Clique sur Mettre à jour dans le Tableau de bord afin de mettre à jour la base de données.
--->> Dans l'onglet Examen, sélectionnez Examen Menaces puis clique sur Examiner maintenant.
--->> Une fois le scan terminé, clique sur Tout mettre en quarantaine puis sur Appliquez les actions
--->> (Si un message demande de redémarrer le PC pour terminer la suppression, accepte)
--->> Le rapport est disponible dans Historique > Journaux de l'application. (Choisis bien le dernier en date
Tu sélectionnes le fichier et tu demandes l'affichage
En bas à gauche un bouton exporter ; tu cliques dessus et tu choisis fichier texte et tu choisis ensuite ou l'enregistrer pour ensuite pouvoir le poster dans ta prochaine réponse
Merci
@+
Télécharge Malwaresbytes anti malware ici
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
--->> Installe le (choisis bien français ); ne modifie pas les paramètres d'installe
--->> Décoche la case Activer l'essai gratuit de Malwarebytes Anti-Malware Premium à la fin de l'installation
--->> /!\ Utilisateurs de Vista/7/8/8.1 : faire un clic droit sur le raccourci de MalwareBytes' Anti-Malware et choisir Exécuter en tant qu'administrateur
--->> Clique sur Mettre à jour dans le Tableau de bord afin de mettre à jour la base de données.
--->> Dans l'onglet Examen, sélectionnez Examen Menaces puis clique sur Examiner maintenant.
--->> Une fois le scan terminé, clique sur Tout mettre en quarantaine puis sur Appliquez les actions
--->> (Si un message demande de redémarrer le PC pour terminer la suppression, accepte)
--->> Le rapport est disponible dans Historique > Journaux de l'application. (Choisis bien le dernier en date
Tu sélectionnes le fichier et tu demandes l'affichage
En bas à gauche un bouton exporter ; tu cliques dessus et tu choisis fichier texte et tu choisis ensuite ou l'enregistrer pour ensuite pouvoir le poster dans ta prochaine réponse
Merci
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 22:42
9 août 2014 à 22:42
Malwarebytes Anti-Malware
www.malwarebytes.org
Date de l'examen: 8/9/2014
Heure de l'examen: 11:27:54 PM
Fichier journal: Rapport Malwaresbytes.txt
Administrateur: Oui
Version: 2.00.2.1012
Base de données Malveillants: v2014.08.09.06
Base de données Rootkits: v2014.08.04.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Yoni
Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 321561
Temps écoulé: 7 min, 35 sec
Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)
Processus: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Clés du Registre: 3
PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Mis en quarantaine, [e9a1d4f0ea9173c32124d504fd05de22],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp, Mis en quarantaine, [b4d6dee6007b34026f1db62ba26042be],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Mis en quarantaine, [18723292abd00a2c9f7a74832cd69967],
Valeurs du Registre: 1
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser, ie ff cr, Mis en quarantaine, [49419e2668139f9728f250a77e84ff01]
Données du Registre: 0
(No malicious items detected)
Dossiers: 3
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\ct3289075, Mis en quarantaine, [6525a123cdae92a4ba76842f55ad14ec],
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\TestIfExeExist\CT3289075, Mis en quarantaine, [5d2d0bb913688aac1fe3645658aa8878],
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\TestIfExeExist\CT3289075\nativeMessaging, Mis en quarantaine, [5d2d0bb913688aac1fe3645658aa8878],
Fichiers: 1
PUP.Optional.OpenCandy, C:\Users\Yoni\AppData\Local\Temp\DTLite4491-0356.exe, Mis en quarantaine, [2169f1d3c3b8e056dbd664898282738d],
Secteurs physiques: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Date de l'examen: 8/9/2014
Heure de l'examen: 11:27:54 PM
Fichier journal: Rapport Malwaresbytes.txt
Administrateur: Oui
Version: 2.00.2.1012
Base de données Malveillants: v2014.08.09.06
Base de données Rootkits: v2014.08.04.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Yoni
Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 321561
Temps écoulé: 7 min, 35 sec
Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)
Processus: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Clés du Registre: 3
PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Mis en quarantaine, [e9a1d4f0ea9173c32124d504fd05de22],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp, Mis en quarantaine, [b4d6dee6007b34026f1db62ba26042be],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Mis en quarantaine, [18723292abd00a2c9f7a74832cd69967],
Valeurs du Registre: 1
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser, ie ff cr, Mis en quarantaine, [49419e2668139f9728f250a77e84ff01]
Données du Registre: 0
(No malicious items detected)
Dossiers: 3
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\ct3289075, Mis en quarantaine, [6525a123cdae92a4ba76842f55ad14ec],
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\TestIfExeExist\CT3289075, Mis en quarantaine, [5d2d0bb913688aac1fe3645658aa8878],
PUP.Optional.Conduit.A, C:\Users\Yoni\AppData\Local\Temp\TestIfExeExist\CT3289075\nativeMessaging, Mis en quarantaine, [5d2d0bb913688aac1fe3645658aa8878],
Fichiers: 1
PUP.Optional.OpenCandy, C:\Users\Yoni\AppData\Local\Temp\DTLite4491-0356.exe, Mis en quarantaine, [2169f1d3c3b8e056dbd664898282738d],
Secteurs physiques: 0
(No malicious items detected)
(end)
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 23:27
9 août 2014 à 23:27
~ Report of ZHPDiag v2014.8.9.115 - Nicolas Coolman (8/9/2014)
~ Launched by Yoni (8/10/2014 12:23:00 AM)
~ Web site address : https://nicolascoolman.eu
~ Web forum address : https://nicolascoolman.eu
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Security Client v4.5.0216.0
Spybot - Search & Destroy v2.2.25
Windows Defender W7 (Deactivate)
---\\ System optimization software
CCleaner v4.12
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 55
---\\ Information on the system
~ Processor: AMD64 Family 21 Model 1 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8173.2 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 31 GB (28%) free of 112 GB
---\\ Connection to the system mode
~ Computer Name: YONI-PC
~ User Name: Yoni
~ All Users Names: Yoni, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Yoni\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Yoni\AppData\Roaming\
~ %Desktop% : C:\Users\Yoni\Desktop\
~ %Favorites% : C:\Users\Yoni\Favorites\
~ %LocalAppData% : C:\Users\Yoni\AppData\Local\
~ %StartMenu% : C:\Users\Yoni\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 112 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
E: Hard drive, Flash drive, Thumb drive (Free 152 Go of 466 Go)
I: Hard drive, Flash drive, Thumb drive (Free 110 Go of 111 Go)
J: Hard drive, Flash drive, Thumb drive (Free 1140 Go of 2676 Go)
L: Hard drive, Flash drive, Thumb drive (Free 88 Go of 1397 Go)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 8:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/19/2014 - 12:58:27 AM.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.3/4/2014 - 11:43:50 AM.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 3:27:26 PM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.5/30/2014 - 8:45:52 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 11:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 11:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 12:43:43 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 2:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:40:40 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 11:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.1/24/2014 - 4:37:55 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 2:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 12:52:35 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 1:06:41 PM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 2:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 11:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 3:34:02 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/321
~ Mes musiques (My Musics) : 1/225
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 1/866
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn AMs
---\\ Process running
[MD5.05470C684B62C2F86325D8685E4513CB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4448]
[MD5.208270C9AD3E82F6ABAC870F950E5F0D] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [13246272] [PID.4540]
[MD5.3C28E91A1EC070E85581CD18AF030A0F] - (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1200640] [PID.4368]
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.4088] =>P2P.BitTorrent
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6824]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.7756]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.7820]
[MD5.8FE3F8F7D706379201ADA76BECC6ACFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8088576] [PID.7548]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.952]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2012]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.2036]
[MD5.28A30DEBE0C7E223BCBBECCD6B059779] - (.Leap Motion, Inc. - Leap Motion Service.) -- C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe [4378928] [PID.1944]
[MD5.45D6780D0525D7BC29E2E3605CA73C18] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2228]
[MD5.17BA037B7292E53B060BA4BBBB6EEC65] - (.Popcorn Time - Popcorn Time Updater.) -- C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe [210944] [PID.2424]
[MD5.E3D78F6FE54B27DE451E350AC908E8B4] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [391472] [PID.2448]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2660]
[MD5.5CEF407E235885DB5421DF79C843F2DF] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5052224] [PID.1628]
[MD5.08E2C72275EEB2E74575D8176CC08EA6] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437976] [PID.2876]
[MD5.C50B1A397F35908EEA98C964E77A6A97] - (.Western Digital Technologies, Inc. - WD Drive Service.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312] [PID.2732]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.3120]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.3500]
[MD5.D07589E4434BD14E192ACED6C398B0CB] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744] [PID.3528]
[MD5.C04DA837FBC636DC88A2ACAEDB4E95F6] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359128] [PID.3548]
[MD5.75600442AF2C8303FC7199E360334873] - (.Western Digital Technologies, Inc. - WD Backup Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808] [PID.3604]
[MD5.81BC96818A1A718342B5A03BA34AED2A] - (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384] [PID.3652]
[MD5.74E25070B7D39D01D4C9C8A5760C73BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe [229696] [PID.4952]
[MD5.885EFCCE95E428EEFF4957DDEAD7A4C1] - (.Popcorn Time - Popcorn Time Setup.) -- C:\Windows\TEMP\setC753.tmp.exe [301988] [PID.5956]
~ Processes Running: Scanned in 01mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] https://www.default-search.net/ =>Hijacker.Browsers
G2 - GCE: Preference [User Data\Default] [agibflpbghgmiinfaefgnldmfajdance] Assassin's Creed IV Black Flag v.1.2 (Activé)
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.26.7.19, (Désactivé) =>PUP.UTorrentControl
G2 - GCE: Preference [User Data\Default] [fkepacicchenbjecpbpbclokcabebhah] iCloud Bookmarks v.1.2.12 (Activé)
G2 - GCE: Preference [User Data\Default] [gjndloejlcbpkholmagjbddfkjmmploh] IP Address v.1.10, (Désactivé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 26 Legitimates Filtered in 12mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\QuickLaunch [Yoni]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 08mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Remote Mouse] . (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [Remote Mouse] . (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~4\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~4\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB94A8F6-BCC8-4C43-BC2A-F9B42E0C468F}: DhcpNameServer = 192.168.81.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F269D02F-CD25-41F6-B26A-99AE6D4E81F4}: DhcpNameServer = 192.168.184.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB94A8F6-BCC8-4C43-BC2A-F9B42E0C468F}: DhcpDomain = localdomain
O17 - HKLM\System\CS2\Services\Tcpip\..\{F269D02F-CD25-41F6-B26A-99AE6D4E81F4}: DhcpDomain = localdomain
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Leap Service (LeapService) . (.Leap Motion, Inc. - Leap Motion Service.) - C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
O23 - Service: (Popcorn Time Updater) . (.Popcorn Time - Popcorn Time Updater.) - C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 26 Legitimates Filtered in 05mn AMs
---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- c:\program files (x86)\settings manager\systemk\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn AMs
---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4F11C0BE-F2E4-4EA5-9A56-8B936C6F29BA}] (...) -- C:\Users\Yoni\Downloads\ccsetup412.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\Tasks\DriverToolkit Autorun.job [356]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [356]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [890]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [894]
~ Scheduled Task: 16 Legitimates Filtered in 02mn AMs
---\\ Software installed (O42)
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM][64Bits] -- Popcorn Time_is1
O42 - Logiciel: SqliteBrowser3 - (.oldsch00l.) [HKLM][64Bits] -- SqliteBrowser3
~ Logic: 22 Legitimates Filtered in 00mn AMs
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Flow Studio]
[HKCU\Software\RTimage]
[HKCU\Software\SOG]
[HKCU\Software\int3]
[HKCU\Software\sqlitebrowser]
[HKLM\Software\Wow6432Node\Debian]
[HKLM\Software\Wow6432Node\oldsch00l]
~ Key Software: 289 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 7/2/2014 - 12:12:22 AM - [] ----D C:\Program Files (x86)\Leap Motion
O43 - CFD: 6/18/2014 - 10:42:07 AM - [] ----D C:\Program Files (x86)\Popcorn Time
O43 - CFD: 8/1/2014 - 3:29:22 PM - [] ----D C:\Program Files (x86)\SqliteBrowser3
O43 - CFD: 4/22/2014 - 2:19:20 PM - [] ----D C:\ProgramData\Leap Motion
O43 - CFD: 8/9/2014 - 11:17:48 PM - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 5/27/2014 - 11:03:31 PM - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 3/30/2014 - 7:40:08 PM - [] ----D C:\Users\Yoni\AppData\Roaming\AirspaceApps
O43 - CFD: 3/30/2014 - 7:23:24 PM - [] ----D C:\Users\Yoni\AppData\Roaming\Leap Motion
O43 - CFD: 6/11/2014 - 5:28:16 PM - [] ----D C:\Users\Yoni\AppData\Local\23E91766-F511-4816-8A0F-FB0497A81F3D.aplzod
O43 - CFD: 5/18/2014 - 5:40:49 PM - [] ----D C:\Users\Yoni\AppData\Local\Airspace
O43 - CFD: 3/30/2014 - 7:40:06 PM - [] ----D C:\Users\Yoni\AppData\Local\AirspaceApps
O43 - CFD: 6/24/2014 - 3:22:26 PM - [0] ----D C:\Users\Yoni\AppData\Local\pangu
O43 - CFD: 7/25/2014 - 4:34:55 AM - [] ----D C:\Users\Yoni\AppData\Local\Slingshot
O43 - CFD: 3/30/2014 - 7:22:20 PM - [] ----D C:\Users\Yoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Leap Motion
~ Program Folder: 187 Legitimates Filtered in 00mn AMs
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{edb08ced-b910-11e3-bd15-005056c00008}\AutoRun\command. (...) -- I:\OriginInstaller.exe (.not file.)
~ Keys: Scanned in 00mn AMs
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Leap Control Panel [Key] . (.Leap Motion, Inc. - Leap Motion Control Panel.) -- C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\Lycosa [Key] . (...) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\RzWizard [Key] . (...) -- C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 02mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:7/14/2009 - 3:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:7/17/2013 - 1:23:50 PM ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [65408]
O58 - SDL:7/17/2013 - 1:23:46 PM ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [94208]
O58 - SDL:6/10/2009 - 10:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:9/29/2010 - 7:45:22 PM ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [6656]
O58 - SDL:7/27/2014 - 11:46:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
O58 - SDL:7/14/2009 - 3:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:3/18/2013 - 3:51:08 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:9/30/2010 - 11:16:34 PM ---A- . (.Windows (R) Win 7 DDK provider - HID mini driver for USB Fx2 Device.) -- C:\Windows\System32\Drivers\VKbms.sys [13312]
~ Drivers: 79 Legitimates Filtered in 00mn AMs
---\\ Last modified or created user files (O61)
O61 - LFC: 8/9/2014 - 12:25:06 AM ---A- . (...) -- C:\Users\Yoni\Desktop\adwcleaner_3.304.exe [1366203]
~ 2668 Fichiers temporaires (Temporary files)
~ 11 Fichiers cookies (Cookies files)
~ Files: 14 Legitimates Filtered in 17mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - (default-search.net) - https://www.default-search.net/ =>Hijacker.Browsers
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9D46D72131D0E36A79D4819F08EA0E0B] [SPRF][8/9/2014] (...) -- C:\Users\Yoni\Desktop\adwcleaner_3.304.exe [1366203]
~ Files: 1 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{02DA0EEB-DA5C-41FC-8083-F227D3867CCD}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{4C5FB0D2-DDC0-4D3B-A53E-F7C2A83031C1}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 02mn AMs
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 126 Legitimates Filtered in 00mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 7/9/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 3/30/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 3/30/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8/1/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 7/6/2012 1863680 | (RaMediaServer) . (.Ralink.) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SS - | Auto 4/3/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2/19/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/21/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 6/12/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 6/26/2014 4378928 | (LeapService) . (.Leap Motion, Inc..) - C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
SR - | Auto 4/1/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 3/11/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 7/25/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 7/25/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 7/2/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 5/22/2014 210944 | (Popcorn Time Updater) . (.Popcorn Time.) - C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
SR - | Auto 6/26/2013 391472 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR - | Auto 6/26/2013 452912 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SR - | Auto 10/15/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 9/20/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 9/13/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 7/2/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 8/6/2014 5052224 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 4/14/2014 86744 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 7/10/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 2/27/2014 906432 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 7/10/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 4/14/2014 14407384 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SR - | Auto 6/2/2014 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 6/2/2014 296312 | (WDDriveService) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Demand 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 07mn AMs
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Yoni at 8/10/2014 12:25:50 AM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Yoni at 8/10/2014 12:25:52 AM
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 02mn AMs
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:7/27/2014 - 11:46:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
~ Emulateurs: Scanned in 02mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13026 - (8/9/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1
[HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp] =>PUP.UTorrentControl^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp =>PUP.UTorrentControl^
C:\ProgramData\systemk =>PUP.SystemK^
C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 412136 Items scanned in 30mn AMs
---\\ Additional information about modules
~ https://nicolascoolman.eu =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Auto loading programs from Registry and folders (O4)
~ https://nicolascoolman.eu =>.MountPoints2 Shell Key (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn AMs
---\\ Summary of the detections found on your workstation
https://nicolascoolman.eu =>Hijacker.Browsers
https://nicolascoolman.eu =>PUP.SystemK
https://nicolascoolman.eu =>Adware.Bandoo
~ MSI: 3 link(s) detected in 00mn AMs
~ 846 Legitimates filtered by white list
End of the scan (514 lines in 22mn AMs)(0)
VOILA .
~ Launched by Yoni (8/10/2014 12:23:00 AM)
~ Web site address : https://nicolascoolman.eu
~ Web forum address : https://nicolascoolman.eu
~ Translated by
~ Version State : New version available
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Security Client v4.5.0216.0
Spybot - Search & Destroy v2.2.25
Windows Defender W7 (Deactivate)
---\\ System optimization software
CCleaner v4.12
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 55
---\\ Information on the system
~ Processor: AMD64 Family 21 Model 1 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8173.2 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 31 GB (28%) free of 112 GB
---\\ Connection to the system mode
~ Computer Name: YONI-PC
~ User Name: Yoni
~ All Users Names: Yoni, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Yoni\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Yoni\AppData\Roaming\
~ %Desktop% : C:\Users\Yoni\Desktop\
~ %Favorites% : C:\Users\Yoni\Favorites\
~ %LocalAppData% : C:\Users\Yoni\AppData\Local\
~ %StartMenu% : C:\Users\Yoni\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 112 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
E: Hard drive, Flash drive, Thumb drive (Free 152 Go of 466 Go)
I: Hard drive, Flash drive, Thumb drive (Free 110 Go of 111 Go)
J: Hard drive, Flash drive, Thumb drive (Free 1140 Go of 2676 Go)
L: Hard drive, Flash drive, Thumb drive (Free 88 Go of 1397 Go)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 8:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.7/14/2009 - 3:39:52 AM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/19/2014 - 12:58:27 AM.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.3/4/2014 - 11:43:50 AM.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.11/20/2010 - 3:27:26 PM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.5/30/2014 - 8:45:52 AM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 3:52:21 AM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 1:19:47 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 11:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 11:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 12:43:43 PM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.7/14/2009 - 1:19:57 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 2:10:03 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 4:40:40 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 11:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.1/24/2014 - 4:37:55 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.7/14/2009 - 2:00:41 AM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 12:52:35 PM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 1:06:41 PM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 2:09:09 AM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 11:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.11/20/2010 - 3:34:02 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/321
~ Mes musiques (My Musics) : 1/225
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 1/866
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn AMs
---\\ Process running
[MD5.05470C684B62C2F86325D8685E4513CB] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104] [PID.4448]
[MD5.208270C9AD3E82F6ABAC870F950E5F0D] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [13246272] [PID.4540]
[MD5.3C28E91A1EC070E85581CD18AF030A0F] - (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1200640] [PID.4368]
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.4088] =>P2P.BitTorrent
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6824]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.7756]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.7820]
[MD5.8FE3F8F7D706379201ADA76BECC6ACFE] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8088576] [PID.7548]
[MD5.D2230317777033CD0456990BFC4994E5] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.952]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2012]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.2036]
[MD5.28A30DEBE0C7E223BCBBECCD6B059779] - (.Leap Motion, Inc. - Leap Motion Service.) -- C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe [4378928] [PID.1944]
[MD5.45D6780D0525D7BC29E2E3605CA73C18] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608] [PID.2228]
[MD5.17BA037B7292E53B060BA4BBBB6EEC65] - (.Popcorn Time - Popcorn Time Updater.) -- C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe [210944] [PID.2424]
[MD5.E3D78F6FE54B27DE451E350AC908E8B4] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [391472] [PID.2448]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2660]
[MD5.5CEF407E235885DB5421DF79C843F2DF] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5052224] [PID.1628]
[MD5.08E2C72275EEB2E74575D8176CC08EA6] - (.VMware, Inc. - VMware NAT Service.) -- C:\Windows\SysWOW64\vmnat.exe [437976] [PID.2876]
[MD5.C50B1A397F35908EEA98C964E77A6A97] - (.Western Digital Technologies, Inc. - WD Drive Service.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312] [PID.2732]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.3120]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.3500]
[MD5.D07589E4434BD14E192ACED6C398B0CB] - (.VMware, Inc. - VMware Authorization Service.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [86744] [PID.3528]
[MD5.C04DA837FBC636DC88A2ACAEDB4E95F6] - (.VMware, Inc. - VMware VMnet DHCP service.) -- C:\Windows\SysWOW64\vmnetdhcp.exe [359128] [PID.3548]
[MD5.75600442AF2C8303FC7199E360334873] - (.Western Digital Technologies, Inc. - WD Backup Engine.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808] [PID.3604]
[MD5.81BC96818A1A718342B5A03BA34AED2A] - (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384] [PID.3652]
[MD5.74E25070B7D39D01D4C9C8A5760C73BE] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe [229696] [PID.4952]
[MD5.885EFCCE95E428EEFF4957DDEAD7A4C1] - (.Popcorn Time - Popcorn Time Setup.) -- C:\Windows\TEMP\setC753.tmp.exe [301988] [PID.5956]
~ Processes Running: Scanned in 01mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] https://www.default-search.net/ =>Hijacker.Browsers
G2 - GCE: Preference [User Data\Default] [agibflpbghgmiinfaefgnldmfajdance] Assassin's Creed IV Black Flag v.1.2 (Activé)
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.26.7.19, (Désactivé) =>PUP.UTorrentControl
G2 - GCE: Preference [User Data\Default] [fkepacicchenbjecpbpbclokcabebhah] iCloud Bookmarks v.1.2.12 (Activé)
G2 - GCE: Preference [User Data\Default] [gjndloejlcbpkholmagjbddfkjmmploh] IP Address v.1.10, (Désactivé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 26 Legitimates Filtered in 12mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\QuickLaunch [Yoni]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 08mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Remote Mouse] . (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [Remote Mouse] . (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-1530979289-3737580495-1892298145-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~4\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~4\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E716000-4FFE-4AFC-983C-63D1D090CA17}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0D574F5-7100-466D-A9B5-6ABD7D253908}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB94A8F6-BCC8-4C43-BC2A-F9B42E0C468F}: DhcpNameServer = 192.168.81.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F269D02F-CD25-41F6-B26A-99AE6D4E81F4}: DhcpNameServer = 192.168.184.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB94A8F6-BCC8-4C43-BC2A-F9B42E0C468F}: DhcpDomain = localdomain
O17 - HKLM\System\CS2\Services\Tcpip\..\{F269D02F-CD25-41F6-B26A-99AE6D4E81F4}: DhcpDomain = localdomain
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Leap Service (LeapService) . (.Leap Motion, Inc. - Leap Motion Service.) - C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
O23 - Service: (Popcorn Time Updater) . (.Popcorn Time - Popcorn Time Updater.) - C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 26 Legitimates Filtered in 05mn AMs
---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- c:\program files (x86)\settings manager\systemk\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn AMs
---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4F11C0BE-F2E4-4EA5-9A56-8B936C6F29BA}] (...) -- C:\Users\Yoni\Downloads\ccsetup412.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\Tasks\DriverToolkit Autorun.job [356]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [356]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [890]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [894]
~ Scheduled Task: 16 Legitimates Filtered in 02mn AMs
---\\ Software installed (O42)
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM][64Bits] -- Popcorn Time_is1
O42 - Logiciel: SqliteBrowser3 - (.oldsch00l.) [HKLM][64Bits] -- SqliteBrowser3
~ Logic: 22 Legitimates Filtered in 00mn AMs
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Flow Studio]
[HKCU\Software\RTimage]
[HKCU\Software\SOG]
[HKCU\Software\int3]
[HKCU\Software\sqlitebrowser]
[HKLM\Software\Wow6432Node\Debian]
[HKLM\Software\Wow6432Node\oldsch00l]
~ Key Software: 289 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 7/2/2014 - 12:12:22 AM - [] ----D C:\Program Files (x86)\Leap Motion
O43 - CFD: 6/18/2014 - 10:42:07 AM - [] ----D C:\Program Files (x86)\Popcorn Time
O43 - CFD: 8/1/2014 - 3:29:22 PM - [] ----D C:\Program Files (x86)\SqliteBrowser3
O43 - CFD: 4/22/2014 - 2:19:20 PM - [] ----D C:\ProgramData\Leap Motion
O43 - CFD: 8/9/2014 - 11:17:48 PM - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 5/27/2014 - 11:03:31 PM - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 3/30/2014 - 7:40:08 PM - [] ----D C:\Users\Yoni\AppData\Roaming\AirspaceApps
O43 - CFD: 3/30/2014 - 7:23:24 PM - [] ----D C:\Users\Yoni\AppData\Roaming\Leap Motion
O43 - CFD: 6/11/2014 - 5:28:16 PM - [] ----D C:\Users\Yoni\AppData\Local\23E91766-F511-4816-8A0F-FB0497A81F3D.aplzod
O43 - CFD: 5/18/2014 - 5:40:49 PM - [] ----D C:\Users\Yoni\AppData\Local\Airspace
O43 - CFD: 3/30/2014 - 7:40:06 PM - [] ----D C:\Users\Yoni\AppData\Local\AirspaceApps
O43 - CFD: 6/24/2014 - 3:22:26 PM - [0] ----D C:\Users\Yoni\AppData\Local\pangu
O43 - CFD: 7/25/2014 - 4:34:55 AM - [] ----D C:\Users\Yoni\AppData\Local\Slingshot
O43 - CFD: 3/30/2014 - 7:22:20 PM - [] ----D C:\Users\Yoni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Leap Motion
~ Program Folder: 187 Legitimates Filtered in 00mn AMs
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{edb08ced-b910-11e3-bd15-005056c00008}\AutoRun\command. (...) -- I:\OriginInstaller.exe (.not file.)
~ Keys: Scanned in 00mn AMs
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Leap Control Panel [Key] . (.Leap Motion, Inc. - Leap Motion Control Panel.) -- C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\Lycosa [Key] . (...) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\RzWizard [Key] . (...) -- C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 02mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:7/14/2009 - 3:47:48 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:7/17/2013 - 1:23:50 PM ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\System32\Drivers\EtronHub3.sys [65408]
O58 - SDL:7/17/2013 - 1:23:46 PM ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\System32\Drivers\EtronXHCI.sys [94208]
O58 - SDL:6/10/2009 - 10:31:59 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:9/29/2010 - 7:45:22 PM ---A- . (.Windows (R) Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [6656]
O58 - SDL:7/27/2014 - 11:46:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
O58 - SDL:7/14/2009 - 3:45:55 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:3/18/2013 - 3:51:08 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:9/30/2010 - 11:16:34 PM ---A- . (.Windows (R) Win 7 DDK provider - HID mini driver for USB Fx2 Device.) -- C:\Windows\System32\Drivers\VKbms.sys [13312]
~ Drivers: 79 Legitimates Filtered in 00mn AMs
---\\ Last modified or created user files (O61)
O61 - LFC: 8/9/2014 - 12:25:06 AM ---A- . (...) -- C:\Users\Yoni\Desktop\adwcleaner_3.304.exe [1366203]
~ 2668 Fichiers temporaires (Temporary files)
~ 11 Fichiers cookies (Cookies files)
~ Files: 14 Legitimates Filtered in 17mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - (default-search.net) - https://www.default-search.net/ =>Hijacker.Browsers
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.9D46D72131D0E36A79D4819F08EA0E0B] [SPRF][8/9/2014] (...) -- C:\Users\Yoni\Desktop\adwcleaner_3.304.exe [1366203]
~ Files: 1 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{02DA0EEB-DA5C-41FC-8083-F227D3867CCD}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{4C5FB0D2-DDC0-4D3B-A53E-F7C2A83031C1}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 02mn AMs
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 126 Legitimates Filtered in 00mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 7/9/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 3/30/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 3/30/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 8/1/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 7/6/2012 1863680 | (RaMediaServer) . (.Ralink.) - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SS - | Auto 4/3/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2/19/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 7/14/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/21/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 6/12/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 6/26/2014 4378928 | (LeapService) . (.Leap Motion, Inc..) - C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe
SR - | Auto 4/1/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 3/11/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 7/25/2014 1720608 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 7/25/2014 18956064 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 7/2/2014 935368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 5/22/2014 210944 | (Popcorn Time Updater) . (.Popcorn Time.) - C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
SR - | Auto 6/26/2013 391472 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR - | Auto 6/26/2013 452912 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SR - | Auto 10/15/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 9/20/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 9/13/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 7/2/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 8/6/2014 5052224 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 4/14/2014 86744 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 7/10/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 2/27/2014 906432 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 7/10/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 4/14/2014 14407384 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SR - | Auto 6/2/2014 1042808 | (WDBackup) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 6/2/2014 296312 | (WDDriveService) . (.Western Digital Technologies, Inc..) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Demand 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/14/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 07mn AMs
---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Yoni at 8/10/2014 12:25:50 AM
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn AMs
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Yoni at 8/10/2014 12:25:52 AM
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 02mn AMs
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:7/27/2014 - 11:46:57 PM ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [381440]
~ Emulateurs: Scanned in 02mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13026 - (8/9/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1
[HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp] =>PUP.UTorrentControl^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp =>PUP.UTorrentControl^
C:\ProgramData\systemk =>PUP.SystemK^
C:\Users\Yoni\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 412136 Items scanned in 30mn AMs
---\\ Additional information about modules
~ https://nicolascoolman.eu =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Auto loading programs from Registry and folders (O4)
~ https://nicolascoolman.eu =>.MountPoints2 Shell Key (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn AMs
---\\ Summary of the detections found on your workstation
https://nicolascoolman.eu =>Hijacker.Browsers
https://nicolascoolman.eu =>PUP.SystemK
https://nicolascoolman.eu =>Adware.Bandoo
~ MSI: 3 link(s) detected in 00mn AMs
~ 846 Legitimates filtered by white list
End of the scan (514 lines in 22mn AMs)(0)
VOILA .
Utilisateur anonyme
9 août 2014 à 23:30
9 août 2014 à 23:30
Re
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
Si problème utilise un des suivants
https://forums-fec.be/upload
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier : Nom_complet_du_fichier (Fichier demandé )
Clique sur Ouvrir.
Clique sur "Envoyer le fichier".
Un lien de cette forme :
http://pjjoint.malekal.com/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
@+
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
Si problème utilise un des suivants
https://forums-fec.be/upload
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier : Nom_complet_du_fichier (Fichier demandé )
Clique sur Ouvrir.
Clique sur "Envoyer le fichier".
Un lien de cette forme :
http://pjjoint.malekal.com/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 23:37
9 août 2014 à 23:37
Utilisateur anonyme
9 août 2014 à 23:43
9 août 2014 à 23:43
Re
Utilisation de l'outil ZHPFix :
* Copie tout le texte présent dans l'encadré ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
Script ZHPFix
[G1 - GCS: Preference [User Data\Default] https://www.default-search.net/
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.26.7.19, (Désactivé)
O36 - AppCertDlls: (x64) . (...) -- c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll
O36 - AppCertDlls: (x86) . (...) -- c:\program files (x86)\settings manager\systemk\sysapcrt.dll
O43 - CFD: 8/9/2014 - 11:17:48 PM - [] ----D C:\ProgramData\systemk
O43 - CFD: 5/27/2014 - 11:03:31 PM - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - (default-search.net) - https://www.default-search.net/
[HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}]
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
C:\ProgramData\systemk
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2660]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.3120]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.3500]
[MD5.885EFCCE95E428EEFF4957DDEAD7A4C1] - (.Popcorn Time - Popcorn Time Setup.) -- C:\Windows\TEMP\setC753.tmp.exe [301988] [PID.5956]
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (.not file.) [0]
SR - | Auto 10/15/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 9/20/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 9/13/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
ShortcutFix
EmptyPrefetch
FirewallRAZ
Emptytemp
EmptyCLSID
--------------------------------------------------------------------------------------------
Lance ZHPFix à partir du raccourci sur ton Bureau (si tu es sous Windows Vista ou Windows 7 ou 8, fais le par un clic-droit --> Exécuter en tant qu'administrateur)
Cliquer sur le bouton Importer. Le contenu du Presse-papier vient se coller dans la zone de saisie de ZHPFix
NB (W8) : Dans certains cas le script se colle automatiquement dans la zone de script et ne nécessite pas de cliquer sur le bouton "IMPORTER".
* Clique sur le bouton GO pour lancer le nettoyage.
-> laisse travailler l'outil et ne touche à rien ...
-> S'il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !
Une fois terminé, un nouveau rapport s'affiche : poste le contenu de ce dernier dans ta prochaine réponse ...
Ce rapport est copié sur le bureau
( ce rapport est en outre sauvegardé dans ce dossier :
- Pour XP : C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- Depuis Vista : C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt)
@+
Utilisation de l'outil ZHPFix :
* Copie tout le texte présent dans l'encadré ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
Script ZHPFix
[G1 - GCS: Preference [User Data\Default] https://www.default-search.net/
G2 - GCE: Preference [User Data\Default] [cflheckfmhopnialghigdlggahiomebp] uTorrentControl_v6 v.10.26.7.19, (Désactivé)
O36 - AppCertDlls: (x64) . (...) -- c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll
O36 - AppCertDlls: (x86) . (...) -- c:\program files (x86)\settings manager\systemk\sysapcrt.dll
O43 - CFD: 8/9/2014 - 11:17:48 PM - [] ----D C:\ProgramData\systemk
O43 - CFD: 5/27/2014 - 11:03:31 PM - [0] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - (default-search.net) - https://www.default-search.net/
[HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}]
C:\Users\Yoni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
C:\ProgramData\systemk
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.2660]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.3120]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.3500]
[MD5.885EFCCE95E428EEFF4957DDEAD7A4C1] - (.Popcorn Time - Popcorn Time Setup.) -- C:\Windows\TEMP\setC753.tmp.exe [301988] [PID.5956]
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (.not file.) [0]
SR - | Auto 10/15/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 9/20/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 9/13/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
ShortcutFix
EmptyPrefetch
FirewallRAZ
Emptytemp
EmptyCLSID
--------------------------------------------------------------------------------------------
Lance ZHPFix à partir du raccourci sur ton Bureau (si tu es sous Windows Vista ou Windows 7 ou 8, fais le par un clic-droit --> Exécuter en tant qu'administrateur)
Cliquer sur le bouton Importer. Le contenu du Presse-papier vient se coller dans la zone de saisie de ZHPFix
NB (W8) : Dans certains cas le script se colle automatiquement dans la zone de script et ne nécessite pas de cliquer sur le bouton "IMPORTER".
* Clique sur le bouton GO pour lancer le nettoyage.
-> laisse travailler l'outil et ne touche à rien ...
-> S'il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !
Une fois terminé, un nouveau rapport s'affiche : poste le contenu de ce dernier dans ta prochaine réponse ...
Ce rapport est copié sur le bureau
( ce rapport est en outre sauvegardé dans ce dossier :
- Pour XP : C:\Documents and Settings\username\Local Settings\Application Data\ZHP
- Depuis Vista : C:\Users\username\AppData\Roaming\ZHP\ZHPFix [R1].txt)
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
9 août 2014 à 23:49
9 août 2014 à 23:49
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Yoni at 8/10/2014 12:45:19 AM
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (03mn AMs)
Prefetcher emptied
Repair of browser shortcuts
========== Registry keys ==========
REMOVES: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
REMOVES:* HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
REMOVES: Service: SDWSCService
REMOVES: Service: SDScannerService
REMOVES: Service: SDUpdateService
========== Registry values ==========
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Private) : TCP Query User{6DFA7E78-420F-4323-9EF2-EA1705C72B8E}C:\program files\slingshot\slingshot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{9FBECFD9-7869-4E4E-8921-25F9B6D96750}C:\program files\slingshot\slingshot.exe
REMOVES: FirewallRaz (Public) : {E0B8BCD2-4151-49A1-8116-0F983693F345}
REMOVES: FirewallRaz (Public) : {D32F647A-39DC-478D-9100-6A752093519C}
REMOVES: FirewallRaz (Private) : TCP Query User{A5D0DAE0-9145-4ECA-9E1F-AFCA8AE6BD6F}C:\program files (x86)\sopcast\sopcast.exe
REMOVES: FirewallRaz (Private) : UDP Query User{659D1EF4-6201-494D-887D-1573F959553C}C:\program files (x86)\sopcast\sopcast.exe
REMOVES: FirewallRaz (Public) : {D236E3FD-989E-4851-8ABF-173030FA3B2E}
REMOVES: FirewallRaz (Public) : {0575E43F-A952-466E-8A5E-2DD527338A63}
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
REMOVES: c:\users\yoni\appdata\local\google\chrome\user data\default\preferences
REMOVES Reboot: c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
REMOVES: c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
Deletes temporary Windows (2666) (1,492,098,571 octets)
========== Scheduled task ==========
REMOVES: DriverToolkit Autorun
========== Other ==========
NON-TREATY [G1 - GCS: Preference [User Data\Default] https://www.default-search.net/
========== Summary ==========
5 : Registry keys
9 : Registry values
1 : Folders
4 : Files
1 : Scheduled task
1 : Other
End of clean in 09mn AMs
========== Path to file report ==========
C:\Users\Yoni\AppData\Roaming\ZHP\ZHPFix[R1].txt - 8/10/2014 12:45:22 AM [2299]
Fichier d'export Registre :
Run by Yoni at 8/10/2014 12:45:19 AM
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (03mn AMs)
Prefetcher emptied
Repair of browser shortcuts
========== Registry keys ==========
REMOVES: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
REMOVES:* HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
REMOVES: Service: SDWSCService
REMOVES: Service: SDScannerService
REMOVES: Service: SDUpdateService
========== Registry values ==========
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Private) : TCP Query User{6DFA7E78-420F-4323-9EF2-EA1705C72B8E}C:\program files\slingshot\slingshot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{9FBECFD9-7869-4E4E-8921-25F9B6D96750}C:\program files\slingshot\slingshot.exe
REMOVES: FirewallRaz (Public) : {E0B8BCD2-4151-49A1-8116-0F983693F345}
REMOVES: FirewallRaz (Public) : {D32F647A-39DC-478D-9100-6A752093519C}
REMOVES: FirewallRaz (Private) : TCP Query User{A5D0DAE0-9145-4ECA-9E1F-AFCA8AE6BD6F}C:\program files (x86)\sopcast\sopcast.exe
REMOVES: FirewallRaz (Private) : UDP Query User{659D1EF4-6201-494D-887D-1573F959553C}C:\program files (x86)\sopcast\sopcast.exe
REMOVES: FirewallRaz (Public) : {D236E3FD-989E-4851-8ABF-173030FA3B2E}
REMOVES: FirewallRaz (Public) : {0575E43F-A952-466E-8A5E-2DD527338A63}
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
REMOVES: c:\users\yoni\appdata\local\google\chrome\user data\default\preferences
REMOVES Reboot: c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
REMOVES: c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
Deletes temporary Windows (2666) (1,492,098,571 octets)
========== Scheduled task ==========
REMOVES: DriverToolkit Autorun
========== Other ==========
NON-TREATY [G1 - GCS: Preference [User Data\Default] https://www.default-search.net/
========== Summary ==========
5 : Registry keys
9 : Registry values
1 : Folders
4 : Files
1 : Scheduled task
1 : Other
End of clean in 09mn AMs
========== Path to file report ==========
C:\Users\Yoni\AppData\Roaming\ZHP\ZHPFix[R1].txt - 8/10/2014 12:45:22 AM [2299]
Utilisateur anonyme
10 août 2014 à 09:05
10 août 2014 à 09:05
Bonjour
Met à jour Java.
On finalise
1) Vide la quarantaine de Malwaresbytes
2) Télécharge DelFix de Xplode
Lance le.
Tu as 5 choix :
Réactiver l'UAC
Supprimer les outils de désinfection (cocher par défaut)
Effectuer une sauvegarde du registre
Purger la restauration de système
Réinitialisation des paramètres usine
Tu coches ceux qui sont en gras ci-dessus
et tu exécutes
Le rapport se trouve ici généralement
C:\DelFix.txt
Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html
@+
Met à jour Java.
On finalise
1) Vide la quarantaine de Malwaresbytes
2) Télécharge DelFix de Xplode
Lance le.
Tu as 5 choix :
Réactiver l'UAC
Supprimer les outils de désinfection (cocher par défaut)
Effectuer une sauvegarde du registre
Purger la restauration de système
Réinitialisation des paramètres usine
Tu coches ceux qui sont en gras ci-dessus
et tu exécutes
Le rapport se trouve ici généralement
C:\DelFix.txt
Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html
@+
yoyo5406
Messages postés
151
Date d'inscription
mardi 30 octobre 2012
Statut
Membre
Dernière intervention
1 juillet 2020
2
10 août 2014 à 09:11
10 août 2014 à 09:11
Merci beaucoup pour ton aide .
