~ Rapport de ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013) ~ Lancé par MAYA (24/12/2013 18:00:28) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by user ---\\ Navigateurs Internet MSIE: Internet Explorer v9.0.8112.16421 MFIE: Mozilla Firefox 26.0 (Defaut) ---\\ Informations sur les produits Windows ~ Langage: Français Windows 7 Ultimate, 32-bit (Build 7600) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : PMJBM Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système AVG 2014 v14.0.3658 Windows Defender W7 ---\\ Logiciels d'optimisation du système CCleaner v4.06 =>Piriform Ltd ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 45 ---\\ Informations sur le système ~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2485 MB (26% free) System Restore: Activé (Enable) System drive C: has 90 GB (61%) free of 146 GB ---\\ Mode de connexion au système ~ Computer Name: MAYA-PC ~ User Name: MAYA ~ All Users Names: MAYA, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\MAYA\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\MAYA\AppData\Roaming\ ~ %Desktop% : C:\Users\MAYA\Desktop\ ~ %Favorites% : C:\Users\MAYA\Favorites\ ~ %LocalAppData% : 
C:\Users\MAYA\AppData\Local\ ~ %StartMenu% : C:\Users\MAYA\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 90 Go of 146 Go) D: Hard drive, Flash drive, Thumb drive (Free 94 Go of 117 Go) E: Hard drive, Flash drive, Thumb drive (Free 109 Go of 117 Go) F: Hard drive, Flash drive, Thumb drive (Free 85 Go of 85 Go) G: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 47 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\Explorer.exe [2614784] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696] [MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024] [MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) 
-- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392] [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240] [MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/27 ~ Mes musiques (My Musics) : 1/881 ~ Mes Videos (My Videos) : 1/44 ~ Mes Favoris (My Favorites) : 1/18 ~ Mes Documents (My Documents) : 1/3 ~ Mon Bureau (My Desktop) : 1/35 ~ Menu demarrer (Programs) : 1/42 ~ Hidden Files: Scanned in 00mn 03s ---\\ Processus lancés [MD5.6E1902AC346AD1D75946822116AD3C1C] - (.SlimWare Utilities, Inc. - DriverUpdate.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe [34199872] [PID.2852] [MD5.A7C69E9E571BC406BD9D39728E2122B2] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408] [PID.3124] [MD5.ED2F52A2A05103ED706B678AA28232BC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3156] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3172] [MD5.93C0417670F41DA6A31CD4AC04F06D0A] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) 
-- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5708432] [PID.3332] [MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [4956176] [PID.3344] [MD5.7E76C45E8674BC1F2BA00D83C701CDD0] - (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe [1971712] [PID.3508] [MD5.8ABADC0AD4E00A6BBB4B458200DBF536] - (.Visicom Media Inc. - Anti-phishing Domain Advisor (Powered by Pa.) -- C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe [235072] [PID.3520] =>Spyware.VMNToolbar [MD5.D1AB72DB2BEDD2F255D35DA3DA0D4B16] - (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe [141824] [PID.3528] [MD5.1C5A81304F4B3A24914E10E339E3D51A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe [900440] [PID.3652] =>P2P.BitTorrent [MD5.E0E7BD7828EA7B8721BE29375C0D04DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704] [PID.2592] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.3612] [MD5.0C2BC6FAA99E807D0DCB6B2210953A2C] - (.CyberGhost S.R.L. - CyberGhost VPN.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe [361072] [PID.556] [MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2392] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4552] [MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.3264] [MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) 
-- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.6136] [MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.5428] [MD5.39DDFF08ACFE865BCB27AD3544671577] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20588704] [PID.5104] [MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.2376] [MD5.090A189F4EEB3C0B76E97ACDB1A71C92] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) -- C:\Program Files\Internet Download Manager\idmBroker.exe [69144] [PID.1260] [MD5.F2616FED761E6A681A18A3E2BD27EF04] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3825232] [PID.1888] [MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.3048] ~ Processes Running: Scanned in 00mn 02s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\MAYA\AppData\Roaming\Mozilla\Firefox\Profiles\097dq3sv.default-1384454677630\prefs.js C:\Users\MAYA\AppData\Roaming\Mozilla\Firefox\Profiles\097dq3sv.default-1384454677630\user.js M3 - MFPP: Plugins - [MAYA] -- C:\Users\MAYA\AppData\Roaming\Mozilla\Firefox\Profiles\097dq3sv.default-1384454677630\searchplugins\safeguard-secure-search.xml ~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080;ftp=localhost:8080;socks=localhost:1080 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) O1 - Hosts: 127.0.0.3 www.anchorfree.net O1 - Hosts: 127.0.0.2 www.mefeedia.com ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 29 ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: 7-Data Recovery Suite.lnk . (.SharpNight Co,Ltd - 7-Data Recovery Suite.) -- C:\Program Files\7-Data Recovery Suite\7DataRecoverySuite.exe O4 - GS\Desktop [Public]: AutorunRemover.lnk . (...) 
-- C:\Program Files\AutorunRemover\AutorunRemover.exe O4 - GS\Desktop [Public]: Ayat.lnk . (...) -- C:\Program Files\Ayat\Ayat.exe O4 - GS\Desktop [Public]: DriverUpdate.lnk . (...) -- C:\Windows\Installer\{850A14FC-F410-47F7-94E4-38F4D3F270D4}\Icon.exe O4 - GS\Desktop [Public]: iCare data Recovery Software Professional.lnk . (.iCare Development Co., Ltd - iCare Data Recovery.) -- C:\Program Files\iCare Data Recovery Professional\iCare Data Recovery Professional.exe O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Public]: Paragon Hard Disk Manager™ 12 Suite.lnk . (.Paragon Software Group - A part of Paragon System Utilities.) -- C:\Program Files\Paragon Software\Hard Disk Manager 12 Suite\program\launcher.exe O4 - GS\Desktop [Public]: Screen Recorder.lnk . (.ZD Soft - Screen Recorder.) -- C:\Program Files\ZD Soft\Screen Recorder\ScnRec.exe O4 - GS\Desktop [Public]: Ultraiso.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files\UltraISO\UltraISO.exe O4 - GS\Program [Public]: Ayat.lnk . (...) -- C:\Program Files\Ayat\Ayat.exe O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [MAYA]: CyberGhost 5.lnk . (.CyberGhost S.R.L. - CyberGhost VPN.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe O4 - GS\QuickLaunch [MAYA]: Fake Webcam 7.2.lnk . (.Web Solution Mart - Pas de description.) -- C:\Program Files\Fake Webcam 7.2\7.2.0.0\FakeWebcam.exe O4 - GS\QuickLaunch [MAYA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [MAYA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\TaskBar [MAYA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar [MAYA]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [MAYA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [MAYA]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [MAYA]: CyberGhost 5.lnk . (.CyberGhost S.R.L. - CyberGhost VPN.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe O4 - GS\Desktop [MAYA]: Fake Webcam 7.2.lnk . (.Web Solution Mart - Pas de description.) -- C:\Program Files\Fake Webcam 7.2\7.2.0.0\FakeWebcam.exe O4 - GS\Desktop [MAYA]: Stellar Phoenix Windows Data Recovery - Professional.lnk . (.Stellar Information Systems Ltd. - Windows data Recovery.) -- C:\Program Files\Stellar Phoenix Windows Data Recovery\spwdrp.exe O4 - GS\Desktop [MAYA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Global Startup: 73 Legitimates Filtered in 00mn 02s ---\\ Applications lancées au démarrage du sytème (O4) O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) 
-- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe O4 - HKLM\..\Run: [AutorunRemover.exe] . (...) -- C:\Program Files\AutorunRemover\AutorunRemover.exe O4 - HKLM\..\Run: [MyStart Anti-phishing Domain Advisor] . (.Visicom Media Inc. - Anti-phishing Domain Advisor (Powered by Pa.) -- C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe =>Spyware.VMNToolbar O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) O4 - HKLM\..\Run: [key1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MAYA\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\MAYA\AppData\Roaming\newnext.me\nengine.dll O4 - HKCU\..\Run: [key1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKCU\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost VPN.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) 
-- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MAYA\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\MAYA\AppData\Roaming\newnext.me\nengine.dll O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [key1] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKUS\S-1-5-21-1283673467-3664552359-1289771740-1000\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost VPN.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) 
-- C:\Program Files\MICROS~2\Office15\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: Cliquer pour appeler Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office15\ONBTTN~1.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{3263BB1C-1860-46CC-A3E2-771E138CDBB3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3263BB1C-1860-46CC-A3E2-771E138CDBB3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{3263BB1C-1860-46CC-A3E2-771E138CDBB3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) 
-- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AmiUpdXp.job [352] =>PUP.Software.Updater O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverUpdate Startup.job [392] [MD5.65C578E5FCEF8089DFD5D5C65F8CD3AB] [APT] [AmiUpdXp] (.Amonetizé Ltd.) -- C:\Users\MAYA\AppData\Local\SwvUpdater\Updater.exe [292392] =>PUP.Software.Updater [MD5.00000000000000000000000000000000] [APT] [PCFix] (...) -- C:\Program Files\PCFix\PCFix.exe (.not file.) [0] [MD5.29B81898034EF7692A242E49310E0411] [APT] [Trigger KMS Activation] (...) -- C:\Program Files\KMSnano\TriggerKMS.exe [54784] [MD5.00000000000000000000000000000000] [APT] [{5E9D3C88-FB2C-4D5B-A3E6-232EB251C04E}] (...) -- C:\Users\MAYA\Downloads\Programs\Aqsa2.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{96BBDF1A-E835-45F3-A269-DE550443A678}] (...) -- D:\copie-D\SWSetup\sp50704\Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E7767D43-CD90-4443-BBB7-E239D66578D1}] (...) -- C:\Users\MAYA\Downloads\Programs\install-ek.exe (.not file.) [0] ~ Scheduled Task: 15 Legitimates Filtered in 00mn 07s ---\\ Logiciels installés (O42) O42 - Logiciel: Autorun Virus Remover 3.2 - (.Autorun Remover.) [HKLM] -- Autorun Virus Remover_is1 O42 - Logiciel: KMSnano 24 - (...) [HKLM] -- KMSnano 24_is1 O42 - Logiciel: ZD Soft Screen Recorder - (.ZD Soft.) 
[HKLM] -- {99C1BBB1-E4F2-43F6-A587-07BAF1F303FB} ~ Logic: 15 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\242b66c33cdb3ef101557abd8c8578df] [HKCU\Software\5cd8f17f4086744065eb0992a09e05a2] [HKCU\Software\APN PIP] [HKCU\Software\BIFROST1.2] [HKCU\Software\Bifrost] [HKCU\Software\Conduit] =>Toolbar.Conduit [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\ZD Soft] [HKCU\Software\iCarePro] [HKLM\Software\Bifrost] [HKLM\Software\Conduit] =>Toolbar.Conduit [HKLM\Software\Email Notifier] [HKLM\Software\key1] ~ Key Software: 246 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/11/2013 - 16:49:00 - [32,616] ----D C:\Program Files\DriverUpdate O43 - CFD: 23/12/2013 - 13:25:55 - [13,386] -SH-D C:\Program Files\KGB O43 - CFD: 14/11/2013 - 00:22:28 - [48,967] ----D C:\Program Files\KMSnano O43 - CFD: 27/11/2013 - 16:20:13 - [0,015] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup O43 - CFD: 08/12/2013 - 02:16:50 - [11,221] ----D C:\Program Files\ZD Soft O43 - CFD: 08/11/2013 - 17:26:59 - [0] ----D C:\ProgramData\createpart O43 - CFD: 08/11/2013 - 17:25:59 - [0] ----D C:\ProgramData\formatpart O43 - CFD: 23/12/2013 - 07:40:39 - [59,040] -SH-D C:\ProgramData\MPK O43 - CFD: 26/11/2013 - 16:52:35 - [0,442] ----D C:\Users\MAYA\AppData\Roaming\DefaultTab =>Adware.Bandoo O43 - CFD: 26/11/2013 - 18:11:37 - [0] ----D C:\Users\MAYA\AppData\Roaming\NaviFirmPlus O43 - CFD: 24/12/2013 - 14:23:53 - [1,228] ----D C:\Users\MAYA\AppData\Roaming\newnext.me O43 - CFD: 10/12/2013 - 21:07:08 - [1,224] ----D C:\Users\MAYA\AppData\Local\genienext O43 - CFD: 08/12/2013 - 02:49:34 - [73,071] ----D C:\Users\MAYA\AppData\Local\mystart_ad =>Spyware.VMNToolbar O43 - CFD: 10/12/2013 - 21:00:02 - [0,281] ----D C:\Users\MAYA\AppData\Local\SwvUpdater =>PUP.Software.Updater ~ Program Folder: 189 Legitimates Filtered in 00mn 37s ---\\ Derniers fichiers modifiés ou crées sous Windows et 
System32 (O44) O44 - LFC:[MD5.4A308E930ADA5F8CE0118E7AF93A461F] - 10/12/2013 - 20:09:53 ---A- . (...) -- C:\Windows\spwdrp.INI [17] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/12/2013 - 23:53:58 RSHA- . (...) -- C:\IO.SYS [0] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/12/2013 - 23:53:58 RSHA- . (...) -- C:\MSDOS.SYS [0] O44 - LFC:[MD5.4B566DF45717B5492C7D0DFB42023D73] - 15/12/2013 - 00:03:40 ---A- . (...) -- C:\UsbFix [Scan 1] MAYA-PC.txt [11018] O44 - LFC:[MD5.67E8D90733EFDF05E266AB409458CF8C] - 15/12/2013 - 00:12:04 ---A- . (...) -- C:\UsbFix [Listing 1] MAYA-PC.txt [4230] O44 - LFC:[MD5.6D986E8AC4F570FF61B2A391F52A0341] - 18/12/2013 - 01:03:08 ---A- . (...) -- C:\Windows\System32\runkgb.lnk [857] O44 - LFC:[MD5.7187BDFE5B7668803D8EAFC78AF0A03B] - 18/12/2013 - 02:12:08 ---A- . (...) -- C:\PhysicalMBR.bin [512] O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 22/12/2013 - 16:59:18 ---A- . (...) -- C:\Windows\diagerr.xml [1908] O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 22/12/2013 - 16:59:18 ---A- . (...) -- C:\Windows\diagwrn.xml [1908] O44 - LFC:[MD5.C3704E99CB35FADEDDDABAA973A0959E] - 24/12/2013 - 14:21:06 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464] ~ Files: 23 Legitimates Filtered in 00mn 02s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.30384865C9AF82DB291E5C4F468E1AC6] - 13/12/2012 - 16:41:10 ---A- . (.Windows (R) Win 7 DDK provider - Explore Systems Virtual Audio Device.) -- C:\Windows\System32\Drivers\dfx11_1.sys [24424] O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . 
(.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712] O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624] O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000] O58 - SDL:[MD5.DFAA87E30868FE4CB7D335837A4BF39C] - 31/01/2013 - 10:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv.sys [22656] O58 - SDL:[MD5.D8C0B2EB928D57C928522EFF500C4BA8] - 11/10/2012 - 04:08:10 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv.sys [34432] O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072] O58 - SDL:[MD5.C3704E99CB35FADEDDDABAA973A0959E] - 24/12/2013 - 14:21:06 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464] O58 - SDL:[MD5.432D9D823C4C26B6070C41BAD4404CE4] - 22/08/2013 - 13:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288] O58 - SDL:[MD5.3CC218CF2A6443478B0EF705B803C504] - 22/11/2012 - 23:15:04 ---A- . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) -- C:\Windows\System32\Drivers\UimBus.sys [81232] O58 - SDL:[MD5.1EED8E78D92E81B08FC1823E63E0E447] - 25/05/2012 - 12:25:56 ---A- . (.e2eSoft - VCamSDK WDM Driver.) -- C:\Windows\System32\Drivers\VCam_WDM.sys [101688] O58 - SDL:[MD5.1C8A783E90C34D205596F1AB4A97E261] - 23/07/2008 - 23:29:16 ---A- . (...) -- C:\Windows\System32\Drivers\vsb.sys [15264] O58 - SDL:[MD5.3377DAA1CB8CAC46A538C236F5F3D58F] - 23/07/2008 - 23:29:16 ---A- . (...) 
-- C:\Windows\System32\Drivers\vserial.sys [47744]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 05s

---\\ List of disinfection tools (LATC) (O63)
O63 - Software: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: OTL - (.OldTimer.)
~ ADS: Scanned in 00mn 00s

---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search for browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C42F18FB-707D-437F-BBC7-D2510B9EE2B8} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
~ Keys: Scanned in 00mn 00s

---\\ Specific search at the system root (SPRF) (O84)
[MD5.AA2B624BC9D1BC69C8CCD680847F2E58] [SPRF][13/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\6_Offer_4.exe [86800]
[MD5.B5B2829B37336BB266B179700398B421] [SPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\MAYA\AppData\Local\Temp\AskPIP_FF_.exe [1021872]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/01/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\MAYA\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][26/11/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.B90ADBFCE2AD70D9C4567E4EA9536997] [SPRF][03/11/2013] (.BitTorrent, Inc. - BitTorrent Sync.) -- C:\Users\MAYA\AppData\Local\Temp\BTSync.exe [1541736] =>P2P.BitTorrent
[MD5.882B0EC8E60EBAB0FDFC33346CF30F5D] [SPRF][24/05/2013] (.@ - Manages Products.) -- C:\Users\MAYA\AppData\Local\Temp\DownloadManager.exe [1209912]
[MD5.B5A37033E74B34BC0CA5937170BC4621] [SPRF][08/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\FH214C.tmp.exe [75303]
[MD5.3DCDB0CDBFE5F1768921261E15F5ECD4] [SPRF][08/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\FHFE23.tmp.exe [47302]
[MD5.AF01FFF439933511461B85CDCF19E9FF] [SPRF][22/11/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\ICReinstall_FFSetup3.2.1.0.exe [619176]
[MD5.1ED275EEB0579A9C53723B91D05378EB] [SPRF][22/11/2013] (.AVG Secure Search - AVG Installer.) -- C:\Users\MAYA\AppData\Local\Temp\oi_{4C34D3D5-014A-4523-8F87-82963D012B14}.exe [4630552] =>Toolbar.AVGSearch
[MD5.B69619C12460DBF1442F88A8A3137E76] [SPRF][22/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\skaype.exe [18200]
[MD5.9857F7401EFF1DDFBA4123BA9D5EE08A] [SPRF][15/12/2013] (.The UPX Team http://upx.sf.net - UPX executable packer.) -- C:\Users\MAYA\AppData\Local\Temp\upx.exe [126464]
[MD5.7E89844169E755775F09AA4724680281] [SPRF][15/11/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\vlc-2.1.1-win32.exe [24489269]
[MD5.B91FE1536AB4D680DDD77469EA3FD4BF] [SPRF][13/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\vlc-2.1.2-win32.exe [24097311]
[MD5.5280CBBAA2C019D3C0F58267F8F9C1A7] [SPRF][05/12/2013] (...) -- C:\Users\MAYA\AppData\Local\Temp\xuninst.exe [381952]
[MD5.E8F562E7A6798F92B3BA2FA9EC91B40E] [SPRF][26/02/2011] (...) -- C:\Users\MAYA\AppData\Roaming\addons.dat [24728]
[MD5.6C1BCF0B1297689C8C4C12CC70996A75] [SPRF][03/11/2013] (.Angryziber Software - Angry IP scanner.) -- C:\Users\MAYA\Desktop\ipscan221.exe [111104]
[MD5.EF28ADBF18B384470ACD79435C17D2EB] [SPRF][12/12/2007] (...) -- C:\Users\MAYA\Desktop\Keygen.exe [51712]
~ Files: 26 Legitimates Filtered in 00mn 02s

---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{9FE8BBCD-DA40-4068-8033-C995A1E4DF9F}C:\program files\your freedom\freedom.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\your freedom\freedom.exe (.not file.)
O87 - FAEL: "UDP Query User{C85F27E1-9C51-47C5-81B9-4B95E9B2D1A4}C:\program files\your freedom\freedom.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\your freedom\freedom.exe (.not file.)
O87 - FAEL: "{A4E6A184-D769-4DD6-AC38-7D2FACE8CC3A}" |In - Private - P6 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\Trojan.exe (.not file.)
O87 - FAEL: "{C4CCFEAE-C97A-4AED-95BD-4BD5BF563B34}" |In - Private - P17 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\Trojan.exe (.not file.)
O87 - FAEL: "{8F516E47-3291-4C27-A6C1-02898FCCC6E7}" |In - Private - P6 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\smdf.exe (.not file.)
O87 - FAEL: "{5A2954D4-6967-4D0F-A2F7-826E4DCABCC2}" |In - Private - P17 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\smdf.exe (.not file.)
O87 - FAEL: "TCP Query User{CB00344D-BCCF-458A-95D1-8EEADC042F22}C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe (.not file.)
O87 - FAEL: "UDP Query User{C87B5749-DA13-4593-91BD-A946D5D99869}C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe (.not file.)
O87 - FAEL: "TCP Query User{8F8B8D7B-3C37-4A9A-BBC3-684C5D5D1FA6}F:\bifrost 1.2.1d\bifrost.exe" | In - Public - P6 - TRUE | .(.No owner - Bifrost 1.2.1.) -- F:\bifrost 1.2.1d\bifrost.exe
O87 - FAEL: "UDP Query User{3349913C-6698-42E7-A1DB-92CB3EB1014B}F:\bifrost 1.2.1d\bifrost.exe" | In - Public - P17 - TRUE | .(.No owner - Bifrost 1.2.1.) -- F:\bifrost 1.2.1d\bifrost.exe
~ Firewall: 218 Legitimates Filtered in 00mn 01s

---\\ Enumerate software product codes (PUC) (O90)
O90 - PUC: "1BBB1C992F4E6F345A7870AB1F3F30BF" . (.ZD Soft Screen Recorder.) -- C:\Windows\Installer\{99C1BBB1-E4F2-43F6-A587-07BAF1F303FB}\MmDefaultProductIcon.5.1.0.ico.exe
O90 - PUC: "CF41A058014F7F74494E834F3D2F074D" . (.DriverUpdate.) -- C:\Windows\Installer\{850A14FC-F410-47F7-94E4-38F4D3F270D4}\Icon.exe
~ Update Products: 45 Legitimates Filtered in 00mn 00s

---\\ Export of random registry keys (O91)
[HKCU\Software\242b66c33cdb3ef101557abd8c8578df]:2b3328e57676df442688f81f9824276a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\242b66c33cdb3ef101557abd8c8578df]:5546459fd68bf16831797d2aa2e7d569="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\242b66c33cdb3ef101557abd8c8578df]:f8c065f4e758233f0d12dc9b8cf7a2ce="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:2b3328e57676df442688f81f9824276a="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNI
~ Export Key Software: Scanned in 00mn 00s

---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.237EDD8CE7D73FD7AFD5D359A65C3E1A] [WIS][21/11/2013] (.UNKNOWN - Ayat.) -- C:\Windows\Installer\24f047.msi [29184]
~ WIS: 46 Legitimates Filtered in 00mn 07s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/01/2000 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 09/09/2010 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 17/12/2013 63600 | (CGVPNCliService) . (.CyberGhost S.R.L.) - C:\Program Files\CyberGhost 5\Service.exe
SR - | Auto 03/12/2012 2571704 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Demand 14/05/2010 230968 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 15/02/2012 34872 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 22/03/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 24/06/2010 315392 | (RtVOsdService) . (.Realtek Semiconductor Corp..) - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
SR - | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s

---\\ Additional Scan (O88)
Database Version : 13013 - (14/12/2013)
Keys found: 17
Values found: 4
Folders found: 5
Files found: 8
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\BIFROST1.2] =>Backdoor.Bifrose
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:MyStart Anti-phishing Domain Advisor =>Spyware.VMNToolbar^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Users\MAYA\AppData\Roaming\DefaultTab =>Adware.Bandoo^
C:\Users\MAYA\AppData\Local\mystart_ad =>Spyware.VMNToolbar^
C:\Users\MAYA\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\ProgramData\MPK =>Keylogger.Agent
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe =>Spyware.VMNToolbar^
C:\Users\MAYA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
C:\Users\MAYA\AppData\Local\SwvUpdater\Updater.exe =>PUP.Software.Updater^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
C:\Users\MAYA\AppData\Local\Temp\BTSync.exe =>P2P.BitTorrent^
C:\Users\MAYA\AppData\Local\Temp\oi_{4C34D3D5-014A-4523-8F87-82963D012B14}.exe =>Toolbar.AVGSearch^
~ Additional Scan: 217934 Items scanned in 00mn 31s

---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ MSI: 10 link(s) detected in 00mn 31s
~ 1068 Legitimates filtered by white list
End of the scan (557 lines in 02mn 15s)(0)
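The O87 (FirewallRules) entries of this report pack direction, profile, IP protocol number and enabled state into one `|In - Private - P6 - TRUE |` field, and mark rules whose program no longer exists with `(.not file.)`. Such orphaned inbound exceptions, plus the ones pointing at Trojan.exe, smdf.exe and bifrost.exe under Temp and Desktop, are the part of the firewall state a responder removes first. As an added example (not part of the ZHPDiag report), the Python below parses the O87 lines exactly as printed, maps P6/P17 to TCP/UDP (their IANA protocol numbers), flags the enabled inbound rules worth removing, and emits the corresponding `netsh advfirewall firewall delete rule` commands. The function names and the selection heuristics are this example's own; the sample text is the report's ten O87 lines.

```python
import re

# Constructed sample: the ten O87 lines of this ZHPDiag report, verbatim.
SAMPLE_O87 = r'''
O87 - FAEL: "TCP Query User{9FE8BBCD-DA40-4068-8033-C995A1E4DF9F}C:\program files\your freedom\freedom.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\your freedom\freedom.exe (.not file.)
O87 - FAEL: "UDP Query User{C85F27E1-9C51-47C5-81B9-4B95E9B2D1A4}C:\program files\your freedom\freedom.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\your freedom\freedom.exe (.not file.)
O87 - FAEL: "{A4E6A184-D769-4DD6-AC38-7D2FACE8CC3A}" |In - Private - P6 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\Trojan.exe (.not file.)
O87 - FAEL: "{C4CCFEAE-C97A-4AED-95BD-4BD5BF563B34}" |In - Private - P17 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\Trojan.exe (.not file.)
O87 - FAEL: "{8F516E47-3291-4C27-A6C1-02898FCCC6E7}" |In - Private - P6 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\smdf.exe (.not file.)
O87 - FAEL: "{5A2954D4-6967-4D0F-A2F7-826E4DCABCC2}" |In - Private - P17 - TRUE | .(...) -- C:\Users\MAYA\AppData\Local\Temp\smdf.exe (.not file.)
O87 - FAEL: "TCP Query User{CB00344D-BCCF-458A-95D1-8EEADC042F22}C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe (.not file.)
O87 - FAEL: "UDP Query User{C87B5749-DA13-4593-91BD-A946D5D99869}C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\maya\desktop\bifrost 1.2.1d\bifrost.exe (.not file.)
O87 - FAEL: "TCP Query User{8F8B8D7B-3C37-4A9A-BBC3-684C5D5D1FA6}F:\bifrost 1.2.1d\bifrost.exe" | In - Public - P6 - TRUE | .(.No owner - Bifrost 1.2.1.) -- F:\bifrost 1.2.1d\bifrost.exe
O87 - FAEL: "UDP Query User{3349913C-6698-42E7-A1DB-92CB3EB1014B}F:\bifrost 1.2.1d\bifrost.exe" | In - Public - P17 - TRUE | .(.No owner - Bifrost 1.2.1.) -- F:\bifrost 1.2.1d\bifrost.exe
'''

# One O87 line: rule name, then "|Direction - Profile - P<proto> - Enabled |", owner, program path,
# and an optional "(.not file.)" marker when the program is gone.
FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]*)" \|\s*(?P<direction>In|Out) - (?P<profile>\w+)'
    r' - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<owner>.*?)\) -- '
    r'(?P<path>.+?)(?P<missing> \(\.not file\.\))?$'
)

# IANA IP protocol numbers as ZHPDiag prints them (P6, P17).
PROTOCOLS = {"6": "TCP", "17": "UDP"}


def parse_fael(text):
    """Parse O87 lines into dicts; lines that do not match the layout are skipped."""
    rules = []
    for line in text.splitlines():
        m = FAEL_RE.match(line.strip())
        if not m:
            continue
        rules.append({
            "name": m["name"],
            "direction": m["direction"],
            "profile": m["profile"],
            "protocol": PROTOCOLS.get(m["proto"], "proto-" + m["proto"]),
            "enabled": m["enabled"] == "TRUE",
            "owner": m["owner"].strip("."),      # "(...)" means no version info
            "path": m["path"],
            "file_missing": m["missing"] is not None,
        })
    return rules


def triage(rules):
    """Keep enabled inbound exceptions and attach the reasons they deserve removal."""
    flagged = []
    for r in rules:
        if r["direction"] != "In" or not r["enabled"]:
            continue  # only live inbound exceptions widen the attack surface
        reasons = []
        low = r["path"].lower()
        if r["file_missing"]:
            reasons.append("orphaned: program no longer exists")
        if "\\appdata\\local\\temp\\" in low:
            reasons.append("program lives in the user Temp directory")
        if "\\desktop\\" in low:
            reasons.append("program lives on the Desktop")
        if r["profile"] == "Public":
            reasons.append("applies on the Public profile")
        if reasons:
            flagged.append({**r, "reasons": reasons})
    return flagged


def delete_commands(flagged):
    """netsh commands (Windows 7 built-in syntax) that remove the flagged rules by name."""
    return ['netsh advfirewall firewall delete rule name="%s"' % r["name"] for r in flagged]


if __name__ == "__main__":
    hits = triage(parse_fael(SAMPLE_O87))
    for r in hits:
        print("%s %s %-7s %s\n    %s" % (r["direction"], r["protocol"], r["profile"],
                                         r["path"], "; ".join(r["reasons"])))
    print("\n".join(delete_commands(hits)))
```

Deleting by name is exact for the GUID-only rules; the "TCP Query User{...}" names embed the program path and are unique per rule as well, so no rule outside this list is touched.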
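The four O91 values above all begin with `TVqQAAMAAAAEAAAA`, which is the base64 encoding of an MZ header (`4D 5A 90 00 03 00 00 00 04 00 00 00 ...`), and the tail `gAAAAA4fug4AtAnN` decodes to an e_lfanew of 0x80 followed by the first bytes of the standard DOS stub at offset 0x40. In other words, the random-named HKCU\Software keys hold a Windows executable serialized into the registry, which is a persistence and payload-storage technique, not a configuration value. ZHPDiag prints only the first 97 characters of each value, so nothing past the DOS stub is visible here. As an added check (not part of the ZHPDiag report), the Python below decodes the values as printed, tolerating that truncation, and reports the MZ signature, e_lfanew and DOS stub; the function names are this example's own, the first two sample lines are taken from the report, and the third is a constructed benign control value.

```python
import base64
import re
import struct

# The report prints the blob cut off mid-stream; it is reproduced here in the
# 16-character chunks of the original, so the final lone "I" is an incomplete quantum.
BLOB = ("TVqQAAMAAAAEAAAA" "//8AALgAAAAAAAAA" "QAAAAAAAAAAAAAAA"
        "AAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAA" "gAAAAA4fug4AtAnN" "I")

# Constructed sample: two O91 lines from this report (no closing quote, as printed)
# plus a hypothetical benign value ("Hello world") as a control.
SAMPLE_O91 = "\n".join([
    r'[HKCU\Software\242b66c33cdb3ef101557abd8c8578df]:2b3328e57676df442688f81f9824276a="' + BLOB,
    r'[HKCU\Software\5cd8f17f4086744065eb0992a09e05a2]:2b3328e57676df442688f81f9824276a="' + BLOB,
    r'[HKCU\Software\ExampleBenign]:setting="SGVsbG8gd29ybGQ="',
])

O91_RE = re.compile(r'^\[(?P<key>[^\]]+)\]:(?P<name>[^=]+)="(?P<value>[A-Za-z0-9+/=]*)')

# First eight bytes of the usual DOS stub at offset 0x40:
# push cs / pop ds / mov dx,0x0e / mov ah,9 / int 21h (only the opcode bytes up to CD).
DOS_STUB_PREFIX = bytes.fromhex("0e1fba0e00b409cd")


def decode_truncated_b64(s):
    """Decode base64 that may have been cut mid-stream by dropping the incomplete final quantum."""
    s = s[: len(s) - len(s) % 4]
    return base64.b64decode(s)


def inspect_blob(raw):
    """Describe a decoded blob: MZ signature, e_lfanew, DOS stub, and whether the PE
    signature at e_lfanew is reachable (None when the blob is too short to tell)."""
    info = {"decoded_len": len(raw), "is_pe": False, "e_lfanew": None,
            "dos_stub": False, "pe_header_present": None}
    if raw[:2] != b"MZ":
        return info
    info["is_pe"] = True
    if len(raw) < 0x40:
        return info                      # DOS header itself is incomplete
    e_lfanew = struct.unpack_from("<I", raw, 0x3C)[0]
    info["e_lfanew"] = e_lfanew
    info["dos_stub"] = raw[0x40:0x40 + len(DOS_STUB_PREFIX)] == DOS_STUB_PREFIX
    if len(raw) >= e_lfanew + 4:
        info["pe_header_present"] = raw[e_lfanew:e_lfanew + 4] == b"PE\0\0"
    return info


def scan_o91(text):
    """Parse O91 lines as ZHPDiag prints them and inspect each decoded value."""
    findings = []
    for line in text.splitlines():
        m = O91_RE.match(line.strip())
        if not m:
            continue
        info = inspect_blob(decode_truncated_b64(m["value"]))
        info.update(key=m["key"], value_name=m["name"],
                    truncated=not line.rstrip().endswith('"'))
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in scan_o91(SAMPLE_O91):
        verdict = "embedded PE image" if f["is_pe"] else "not a PE image"
        print("%s\\%s: %s (%d bytes decoded, e_lfanew=%s, dos_stub=%s, truncated=%s)" % (
            f["key"], f["value_name"], verdict, f["decoded_len"],
            f["e_lfanew"], f["dos_stub"], f["truncated"]))
```

Because the report truncates the value, `pe_header_present` stays None for these entries; before deciding what the image is, export the full key on the machine (for example with `reg export "HKCU\Software\242b66c33cdb3ef101557abd8c8578df" out.reg`) and run the same check on the complete string, then hash and scan the decoded bytes.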