~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par rhak (02/02/2014 20:15:39)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16750
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : Q667T
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Qtrax Player v01.001.0001 =>P2P.Qtrax

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3658 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 500 GB (54%) free of 914 GB

---\\ Mode de connexion au système
~ Computer Name: AVIATEURS
~ User Name: rhak
~ All Users Names: rhak, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\rhak\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\rhak\AppData\Roaming\
~ %Desktop% : C:\Users\rhak\Desktop\
~ %Favorites% : C:\Users\rhak\Favorites\
~ %LocalAppData% : C:\Users\rhak\AppData\Local\
~ %StartMenu% : C:\Users\rhak\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 500 Go of 914 Go)
D: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/64
~ Mes musiques (My Musics) : 9/183
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/403
~ Mon Bureau (My Desktop) : 1/5184
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 12s

---\\ Processus lancés
[MD5.8F44A93C559B1079B175E871C4F2F820] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1179760] [PID.2160]
[MD5.61E22A327D20737529E5DDAD904BDD7B] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [8704] [PID.3028]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3432]
[MD5.ABC13EE82ECC14C63709465BA9BCA0AD] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\rhak\AppData\Local\VNT\vntldr.exe [202192] [PID.3500] =>Toolbar.Ask
[MD5.82F5E8957DC64AD9C3E16C200E0A77EB] - (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [1551680] [PID.3568]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3860]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3000]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pcoohmdcpejoeggdnihdfhohjgdbllgm] Avira SearchFree Toolbar plus Web Protection v.30.1, (Désactivé) =>Toolbar.Avira
~ Google Browser: 18 Legitimates Filtered in 00mn 04s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\prefs.js
M3 - MFPP: Plugins - [rhak] -- C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\searchplugins\recherche-alot.xml =>Adware.Comet
M3 - MFPP: Plugins - [rhak] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\nationzoom.xml =>Hijacker.NationZoom
M2 - MFEP: prefs.js [rhak - px7c1xs0.default\116] [] LyricsWoofer v1.116 (..) =>Adware.AddLyrics
M2 - MFEP: prefs.js [rhak - px7c1xs0.default\133] [] LyricsWoofer v1.133 (..) =>Adware.AddLyrics
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Help.lnk . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [Public]: Start Menu 8.lnk . (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
O4 - GS\Desktop [Public]: VideoPlayer.lnk . (.Tuguu SL - VAFPlayer.) -- C:\Program Files (x86)\VideoPlayer\VAFPlayer.exe =>PUP.VAFPlayer
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Public]: Packard bell User's Manual.lnk . (...) -- C:\OEM\Preload\AutoRun\GUI\Packard Bell User's Manual\00\User_Manual.pdf
O4 - GS\QuickLaunch [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [rhak]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Packard Bell Device Fast-lane.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe (.not file.)
O4 - GS\TaskBar [rhak]: Packard Bell Power Button.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Power Management\ePowerButton.exe (.not file.)
O4 - GS\Program [rhak]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [rhak]: Réseau.lnk - Clé orpheline
O4 - GS\Desktop [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Global Startup: 45 Legitimates Filtered in 00mn 05s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rhak\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rhak\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rhak\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rhak\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{190B4768-F622-4F5A-9D88-CEE233DAD275}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{950D620C-1142-4D7D-BB59-746D221C1318}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{190B4768-F622-4F5A-9D88-CEE233DAD275}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{950D620C-1142-4D7D-BB59-746D221C1318}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 18 Legitimates Filtered in 00mn 07s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{24ADF543-52B6-4D18-B3E9-A3BC980620F7}] (...) -- C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe (.not file.) [0] =>PUP.Tarma
~ Scheduled Task: 13 Legitimates Filtered in 00mn 08s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (qkevreml) . (. - .) - C:\Windows\system32\drivers\qkevreml.sys (.not file.)
~ Drivers: 40 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU][64Bits] -- lollipop_01291227 =>Adware.Lollipop
O42 - Logiciel: Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) - (.APN LLC.) [HKLM][64Bits] -- ilividmoviestoolbarhaFF =>PUP.MoviesToolbar
~ Logic: 27 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\VNT]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 237 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/02/2014 - 17:04:28 - [12,262] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 02/02/2014 - 17:04:30 - [0,333] ----D C:\Program Files (x86)\VNT
O43 - CFD: 02/02/2014 - 17:03:44 - [0] ----D C:\ProgramData\APN
O43 - CFD: 02/02/2014 - 17:04:28 - [2,254] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 02/02/2014 - 18:22:09 - [0,009] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 07/01/2014 - 09:41:37 - [0,477] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 24/01/2013 - 02:10:49 - [0,764] ----D C:\Users\rhak\AppData\Roaming\lm
O43 - CFD: 24/01/2013 - 22:41:21 - [0] ----D C:\Users\rhak\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 02/02/2014 - 17:04:35 - [0,281] ----D C:\Users\rhak\AppData\Local\VNT
~ 197 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 346 Legitimates Filtered in 01mn 23s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.67FC5B9D0957C4FBB37376DE49A2B170] - 02/02/2014 - 09:05:06 ---A- . (...) -- C:\Windows\diagerr.xml [1890]
O44 - LFC:[MD5.EB1C94CC9DC0FCFC670332D63881421F] - 02/02/2014 - 09:05:13 ---A- . (...) -- C:\Windows\diagwrn.xml [2544]
~ Files: 26 Legitimates Filtered in 01mn 06s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{351568ea-352b-11e2-be69-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E986F9B462326BA1D703D376801809FE] - 05/09/2012 - 10:31:46 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [319888]
O58 - SDL:[MD5.0B3F6C8F93C5C25977EA5A8B2E656357] - 04/06/2013 - 08:15:02 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103448]
O58 - SDL:[MD5.EA8F41484CCC5BA6A1455C2AD3D1BE3C] - 04/06/2013 - 08:15:00 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203672]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 02s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4E41301AB03814EABE37FCF194B728A6] [SPRF][13/12/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\rhak\AppData\Local\Temp\Offercast_AVIRAV7_.exe [1326512]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\rhak\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.E6ED90C29E3403FADAAE2CEDAA090E08] [SPRF][02/02/2014] (...) -- C:\Users\rhak\AppData\Local\Temp\uttE8F8.tmp.bat [100]
~ Files: 5 Legitimates Filtered in 00mn 02s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{37EDA7BA-0663-4D78-A9AD-1A12FD640A59}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{D3EF6290-2D20-4F14-BADE-A82FF080048F}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "TCP Query User{EBB76623-8147-4C82-85E7-F564C459C4C5}C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4D2A45AF-A466-406C-B1A0-665ECD27C6A4}C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{6C7B68B5-6403-4F69-B69D-9E2F93F85F31}C:\users\rhak\desktop\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\rhak\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4B25CD59-EE13-47D0-BAC3-D5CBB5D24C0C}C:\users\rhak\desktop\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\rhak\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{8734DCB3-370F-4528-9AC9-8B36F25055C9}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe (.not file.)
O87 - FAEL: "{C34B9E56-5DC9-4683-9425-B261180C838F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe (.not file.)
O87 - FAEL: "{2B3B6A02-8B59-4CA1-9D51-69DDE32622BA}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{D3AEAB71-A436-47C5-809A-D265BD00898C}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{CB039CAC-DFDE-4A9B-A921-E7B058D0A281}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe (.not file.)
O87 - FAEL: "{36914055-0123-44AF-A620-B795F2870022}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe (.not file.)
O87 - FAEL: "{B9C09EFB-D844-4589-B1A3-76AB6E5393C7}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\blds.exe (.not file.)
O87 - FAEL: "{D5426E47-4014-49A7-9CFC-19195B130E4F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\blds.exe (.not file.)
O87 - FAEL: "{24FA96DB-63CE-4888-955A-DA44AA2EB560}" |In - None - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{0DA709FB-7250-445F-86E9-275F0CDEF060}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{FA941001-5FED-44D7-8013-55B2904B305A}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{B192C58E-60B4-4939-98C7-98BAD7D99759}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 251 Legitimates Filtered in 00mn 02s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 86 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BBF4134424D0556F36DC086028750937] [WIS][24/01/2013] (.SweetIM Technologies Ltd. - SweetPacks bundle uninstaller.) -- C:\Windows\Installer\29194.msi [2579456] =>PUP.SweetIM
[MD5.AC0D283E857F8CA4469DE3657175AFBA] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\3138ff.msi [813568] =>Toolbar.Avira
[MD5.0A23531B05648583E2675134C3F57419] [WIS][30/11/2013] (.The Software Group - Software Update Helper.) -- C:\Windows\Installer\92416.msi [45056] =>Adware.Boxore
[MD5.E32A1A1B9CC600CF062E0E429925841A] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\9241e.msi [1974272] =>Adware.Boxore
~ WIS: 90 Legitimates Filtered in 00mn 14s

---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 7
[HKLM\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob] =>PUP.MoviesToolbar^
[HKLM\Software\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_01291227] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbarhaFF] =>PUP.MoviesToolbar^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob =>PUP.MoviesToolbar^
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm =>Toolbar.Avira^
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\extensions\116 =>Adware.AddLyrics^
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\extensions\133 =>Adware.AddLyrics^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\rhak\AppData\Local\Updater21810 =>PUP.CrossRider^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\rhak\AppData\Local\Software =>Adware.Boxore
C:\Users\rhak\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\29194.msi =>PUP.SweetIM^
C:\Windows\Installer\3138ff.msi =>Toolbar.Avira^
C:\Windows\Installer\92416.msi =>Adware.Boxore^
C:\Windows\Installer\9241e.msi =>Adware.Boxore^
~ Additionnel Scan: 228156 Items scanned in 00mn 49s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet =>Adware.Comet
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/30392620-pup-vafplayer =>PUP.VAFPlayer
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 15 link(s) detected in 00mn 49s

~ 1145 Legitimates filtered by white list
End of the scan (450 lines in 04mn 43s)(0)