
~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Faical (29/01/2014 13:24:11)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Internet Security v8.0.1489.0
Microsoft Security Client MUI Language Pack v2.1.1116.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.02 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3979 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 119 GB (43%) free of 274 GB

---\\ Mode de connexion au système
~ Computer Name: FAICAL-HP
~ User Name: Faical
~ All Users Names: Faical, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Faical\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Faical\AppData\Roaming\
~ %Desktop% : C:\Users\Faical\Desktop\
~ %Favorites% : C:\Users\Faical\Favorites\
~ %LocalAppData% : C:\Users\Faical\AppData\Local\
~ %StartMenu% : C:\Users\Faical\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 119 Go of 274 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 2 Go)
F: CD-ROM drive (Free 0 Go of 4 Go)
G: Hard drive, Flash drive, Thumb drive (Free 3 Go of 22 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/07/2011 - 16:40:28.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.563C71A913CAC0C3DE5FFCD36EDB43A0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 01:00:30.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 03:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 03:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.16/04/2012 - 04:15:32.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 03:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.25/07/2011 - 16:43:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 03:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.25/07/2011 - 16:44:58.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 03:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 03:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 03:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/02/2011 - 06:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1236
~ Mes musiques (My Musics) : 1/88
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/697
~ Mon Bureau (My Desktop) : 1/46
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.6BDC6870E438E7AE807736C9CF585986] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3565432] [PID.3544]
[MD5.DA5FBAA5D62B4FD393947DE5EE8715BE] - (.Flux Software LLC - f.lux.) -- C:\Users\Faical\AppData\Local\FluxSoftware\Flux\flux.exe [1016712] [PID.1628]
[MD5.7AC622ED754E7628C97EE31BE4C72C91] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe [905296] [PID.4304] =>P2P.BitTorrent
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.1288]
[MD5.013789E5EBE3A33D5A2DEEBC5C604E76] - (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12310616] [PID.5116]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.5132]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.5148]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5156]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.5320]
[MD5.78C09DF39B96DBE858809D2A9DF582A5] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) -- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe [1045328] [PID.5328]
[MD5.CBB55C7BED11FE4F995159BCA9904A29] - (.Somoto - FilesFrog.com Update Checker.) -- C:\Users\Faical\AppData\Local\FilesFrog Update Checker\update_checker.exe [208952] [PID.4152] =>Adware.MegaSearch
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584] [PID.6088]
[MD5.CE4FA8A9D55E0031596387F7F59F2D4F] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6828]
[MD5.253448B93A2FEC41B7F0054022B115FC] - (.Portrait Displays, Inc - PDI SDK COM Server for x64/x86 interop.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe [70960] [PID.3156]
[MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.6840]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.2436]
[MD5.C2009C6A452BD07B30D773349589B762] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [137960] [PID.2084]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.2488]
[MD5.F2E8CEFC8CF4D6454F4121C5FF93136A] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [193696] [PID.2664]
[MD5.0668EBBE2973286CE3A7A1638E9508B9] - (.Hewlett-Packard - HPFSService Application.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [372824] [PID.2760]
[MD5.0A9F0B8E8388C4D50B1264FC65E8AADA] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440] [PID.2856]
[MD5.4E0B89D1F647166EC78FEF5430126EE0] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144] [PID.2932]
[MD5.0132C4FDA78D5EE802A0863DE8E0CE55] - (.Pas de propriétaire - McAfee Endpoint Encryption Agent Host Servi.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104] [PID.2992]
[MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.3048]
[MD5.9E818B972F685B111EF7BD70E53FC3CD] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584] [PID.1480]
[MD5.37129177C863B186F02EDA329078C4B8] - (.ArcSoft, Inc. - ArcVCapture.) -- C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352] [PID.3140]
[MD5.918C73F0275D7813E6F01E100B39DBD9] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584] [PID.3192]
[MD5.E7C7829BA0395E48F8C8FE16B8832344] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [994176] [PID.3400]
[MD5.7DEC78C80C628E9D36883C06C3C07E3C] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.2728]
[MD5.CAF14AD24DFE1C4ABE0D7DFF1C68D4E0] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.1004]
[MD5.23C20B19120BE3394EB7968ABD755A2D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.3444]
[MD5.25F4EFE9D0624C7C7B0EC823DE901BF3] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.1832]
[MD5.68FA55F76E640CB0EC47D1998EA343B3] - (.Hewlett-Packard Development Company, L.P. - HP Connection Manager Service.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1420160] [PID.5812]
~ Processes Running: Scanned in 00mn 11s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\prefs.js
C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\user.js
M3 - MFPP: Plugins - [Faical] -- C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [Faical] -- C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [Faical] -- C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M2 - MFEP: prefs.js [Faical - sdphu30p.default\addon@Vonteera.com] [] Vonteera Safe ads v (..) =>Trojan.Vonteera
M2 - MFEP: prefs.js [Faical - sdphu30p.default\plugin@getwebcake.com] [] WebCake v1.00.01 (..) =>Adware.WebCake
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.6] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: SearchNewTab [64Bits] - {9E9AC80B-E5FE-5CAD-E6E7-B050E1279DED} . (...) -- C:\ProgramData\SearchNewTab\51a5759b9c0c8.dll =>Adware.FastSaveApp
~ BHO: 13 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll =>Toolbar.Bing
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: SRS Premium Sound.lnk . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\IDTNC64.cpl
O4 - GS\QuickLaunch [Faical]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Faical]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Faical]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Faical]: QQPlayer.lnk . (. Tencent Inc - QQ Player.) -- C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\QuickLaunch [Faical]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Faical]: Flvto Youtube Downloader.lnk . (...) -- C:\Users\Faical\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe =>PUP.Dealio
O4 - GS\TaskBar [Faical]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Faical]: HP Connection Manager.lnk . (.Hewlett-Packard Development Company, L.P. - HPConnectionManager.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
O4 - GS\TaskBar [Faical]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Faical]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Faical]: QQPlayer.lnk . (. Tencent Inc - QQ Player.) -- C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\TaskBar [Faical]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Faical]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Faical]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Faical]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Faical]: Flvto Youtube Downloader.lnk . (...) -- C:\Users\Faical\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe =>PUP.Dealio
O4 - GS\Desktop [Faical]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Faical]: iPhone Backup Extractor.lnk . (.Reincubate Ltd - iPhone Backup Extractor.) -- C:\Users\Faical\AppData\Roaming\Reincubate\iPhone Backup Extractor\iPhoneBackupExtractor.exe
O4 - GS\Desktop [Faical]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Faical]: QQPlayer.lnk . (. Tencent Inc - QQ Player.) -- C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe =>Adware.TencentAddressBar
O4 - GS\Desktop [Faical]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 83 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPPowerAssistant] . (.Hewlett-Packard Company, L.P. - DelayedAppStarter.) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ultracopier] C:\Program Files (x86)\Supercopier\supercopier.exe (.not file.)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [F.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Faical\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [DTRun] . (.ArcSoft Inc. - ArcSoft TotalMedia Theatre.) -- c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company, L.P. - HPCMDelayStart Application.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [File Sanitizer] . (.Hewlett-Packard - File Sanitizer for HP ProtectTools.) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\RunOnce: [20131224] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\a298bb4a-b7b6-4854-bde8-822d7af940ff.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [ultracopier] C:\Program Files (x86)\Supercopier\supercopier.exe (.not file.)
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [F.lux] . (.Flux Software LLC - f.lux.) -- C:\Users\Faical\AppData\Local\FluxSoftware\Flux\flux.exe
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-3392307531-344351214-688455049-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{390638E0-B8B5-4AF0-8757-5CE878634886}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{390638E0-B8B5-4AF0-8757-5CE878634886}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{390638E0-B8B5-4AF0-8757-5CE878634886}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Zemana Ltd. - Zemana AntiLogger Free.) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: McAfee Endpoint Encryption Agent (McAfee Endpoint Encryption Agent) . (.Pas de propriétaire - McAfee Endpoint Encryption Agent Host Servi.) - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: ZAtheros Bt&Wlan Coex Agent (ZAtheros Bt&Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 26 Legitimates Filtered in 00mn 21s



---\\ Tâches planifiées en automatique (O39)
[MD5.F64487396AB10165DC80BC15CF854D31] [APT] [EPUpdater] (...) -- C:\Users\Faical\AppData\Roaming\BabSolution\Shared\BabMaint.exe [10320] =>Hijacker.BabSolution
[MD5.CBB55C7BED11FE4F995159BCA9904A29] [APT] [SomotoUpdateCheckerAutoStart] (.Somoto.) -- C:\Users\Faical\AppData\Local\FilesFrog Update Checker\update_checker.exe [208952] =>Adware.MegaSearch
[MD5.9EC72B7CE86BCFD675DF4FEBAD15DBCA] [APT] [Volaro Update] (.Volaro.) -- C:\Program Files (x86)\Volaro\Updater\Updater.exe [280400] =>Trojan.Vonteera
[MD5.2426DD55AAA458DD20DF4B15B6BC87FB] [APT] [{4EA0DA0E-E107-49C6-B50A-8A9ED74D320E}] (.Tencent.) -- C:\Users\Faical\Downloads\Programs\QQPlayer_Setup_French.exe [30505302] =>Adware.TencentAddressBar
~ Scheduled Task: 25 Legitimates Filtered in 00mn 18s



---\\ Logiciels installés (O42)
O42 - Logiciel: ContinueToSave 1.74 - (...) [HKLM][64Bits] -- SP_e14dcdfa =>PUP.Offerware
O42 - Logiciel: SearchNewTab - (.SearchNewTab.) [HKLM][64Bits] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD} =>Adware.FastSaveApp
O42 - Logiciel: Volaro Updater - (.Volaro.) [HKLM][64Bits] -- Volaro Updater =>Trojan.Vonteera
O42 - Logiciel: Vonteera - (.Vonteera.) [HKLM][64Bits] -- Vonteera =>Trojan.Vonteera
O42 - Logiciel: WebCake 3.00 - (.WebCake LLC.) [HKLM][64Bits] -- {C4ED781C-7394-4906-AAFF-D6AB64FF7C38} =>Adware.WebCake
~ Logic: 26 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BI]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\Tencent] =>Adware.TencentAddressBar
[HKCU\Software\Volaro] =>Trojan.Vonteera
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\IVTUPDATE]
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar
[HKLM\Software\Wow6432Node\Vontera]
~ Key Software: 358 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/05/2013 - 01:40:45 - [1,473] ----D C:\Program Files (x86)\ContinueToSave =>PUP.OfferWare
O43 - CFD: 28/05/2013 - 23:40:18 - [89,261] ----D C:\Program Files (x86)\Tencent =>Adware.TencentAddressBar
O43 - CFD: 24/07/2013 - 14:46:25 - [0,333] ----D C:\Program Files (x86)\Volaro =>Trojan.Vonteera
O43 - CFD: 29/08/2013 - 14:56:02 - [0,130] ----D C:\Program Files (x86)\VonteeraAddon =>Trojan.Vonteera
O43 - CFD: 08/06/2013 - 14:54:16 - [0,050] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio
O43 - CFD: 29/05/2013 - 02:03:33 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 30/09/2013 - 17:06:41 - [0,147] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 05/07/2013 - 01:47:58 - [0,001] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 29/05/2013 - 01:46:10 - [1,621] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 29/05/2013 - 01:42:43 - [0,179] ----D C:\ProgramData\SearchNewTab =>Adware.FastSaveApp
O43 - CFD: 09/06/2013 - 17:28:09 - [2,726] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 21/06/2013 - 02:21:22 - [0] ----D C:\ProgramData\Tencent =>Adware.TencentAddressBar
O43 - CFD: 13/06/2013 - 15:40:29 - [0] ----D C:\Users\Faical\AppData\Roaming\(48-60-BC-02-7C-1F)
O43 - CFD: 05/07/2013 - 01:47:06 - [1,248] ----D C:\Users\Faical\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 29/05/2013 - 02:03:33 - [0,030] ----D C:\Users\Faical\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 29/05/2013 - 01:43:34 - [0] ----D C:\Users\Faical\AppData\Roaming\NCdownloader
O43 - CFD: 21/06/2013 - 02:21:22 - [1,648] ----D C:\Users\Faical\AppData\Roaming\Tencent =>Adware.TencentAddressBar
O43 - CFD: 29/05/2013 - 14:35:53 - [0] -SH-D C:\Users\Faical\AppData\Local\ms-drivers
O43 - CFD: 12/06/2013 - 03:26:49 - [0] ----D C:\Users\Faical\AppData\Local\Win7UI
O43 - CFD: 28/05/2013 - 23:40:30 - [0,004] ----D C:\Users\Faical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar
O43 - CFD: 09/06/2013 - 17:27:30 - [0,002] ----D C:\Users\Faical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV
~ Program Folder: 219 Legitimates Filtered in 00mn 57s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EE0DF911EA295B3A2A199EFD10C11393] - 29/01/2014 - 00:55:26 ---A- . (...) -- C:\Windows\QQPlayer.INI [30]
~ Files: 11 Legitimates Filtered in 00mn 12s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 10 Legitimates Filtered in 00mn 05s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.518B8D447A1975AB46DA093A2E743256] - 13/03/2013 - 17:01:59 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12368]
O58 - SDL:[MD5.5573AA70993A2BB81525B1C704B88763] - 09/05/2013 - 08:59:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 27/06/2013 - 11:37:19 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 27/06/2013 - 11:37:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.22F521108881DC59837F6FC614E0568F] - 27/06/2013 - 11:37:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [189936]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 27/06/2013 - 11:37:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.5801BB0B48B9D66A7462D7B807599A81] - 25/05/2013 - 15:00:14 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [168288]
O58 - SDL:[MD5.A02D6E45C344B313ECBF0790B22BFC29] - 27/07/2012 - 23:36:14 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1862536]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.9F21BBDA0227A08C86175C2AB5F17F70] - 05/03/2012 - 15:04:18 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [536064]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 11:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:[MD5.16E18CED459B1824234890386EE66CD5] - 26/12/2013 - 09:40:32 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\SysWOW64\drivers\libusb0.sys [52832]
~ Drivers: 17 Legitimates Filtered in 00mn 07s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("aol_toolbar.default.search.check", false);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.BabylonToolbar.prtkDS", 0); =>PUP.Babylon
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0); =>PUP.Babylon
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.id", "ccdbd92200000000000022689dc021ba");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.instlDay", "15978");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.vrsn", "1.8.24.6");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.vrsnTs", "1.8.24.617:06:59");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta.vrsni", "1.8.24.6");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta_i.babTrack", "affID=120661&tsp=5021");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.previous.keyword.URL", ""); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); =>PUP.SweetIM
O69 - SBI: prefs.js [Faical - sdphu30p.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - http://www.searchgol.com =>Hijacker.SearchGol
O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - http://eu.ask.com
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} - (VenteeRo) - http://www.arabyonline.com
O69 - SBI: SearchScopes [HKCU] {84F79FA6-6602-4B39-A72A-939802F2DC46} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.2D10A980CC1539C4CA29387E82267B4D] [SPRF][26/01/2014] (.Somoto Ltd. - FLV Player.) -- C:\Users\Faical\AppData\Local\Temp\FLVPlayerSetup.exe [279752] =>Adware.MegaSearch
[MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][26/01/2014] (.Pas de propriétaire - Powered by BetterInstaller.) -- C:\Users\Faical\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe [167544] =>Adware.MegaSearch
[MD5.7F0FF18C2F544FFB90BE834D4FE9C944] [SPRF][10/12/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Faical\AppData\Local\Temp\PIPInstaller_PTV_.exe [1281456]
[MD5.3CF11F615A9BE0E9591B04F5BC39AD92] [SPRF][16/01/2014] (...) -- C:\Users\Faical\AppData\Local\Temp\unins000.exe [565587]
[MD5.7E4FB11FEF6A1CF6AEDA921123C35853] [SPRF][20/12/2013] (...) -- C:\Users\Faical\AppData\Local\Temp\utt14B9.tmp.bat [72]
[MD5.7270D51FDDBE983F7C365BC2F5817D8E] [SPRF][10/12/2013] (...) -- C:\Users\Faical\AppData\Local\Temp\uttC67B.tmp.bat [102]
[MD5.286F9816B311D6E8378434E8473BF3A9] [SPRF][02/01/2014] (...) -- C:\Users\Faical\AppData\Local\Temp\uttE965.tmp.bat [53]
[MD5.F6E958895B21EF466A614375D4811A9E] [SPRF][25/09/2013] (.深圳创想天空科技有限公司 - 简单易用的苹果设备管理软件.) -- C:\Users\Faical\Desktop\iTools 2013.exe [7158112]
~ Files: 10 Legitimates Filtered in 00mn 12s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8DAF19A5-BABF-4766-BCA5-08A8CBF478A2}C:\program files (x86)\tencent\qqplayer\qqplayer.exe" | In - Private - P6 - TRUE | .(. Tencent Inc - QQ Player.) -- C:\program files (x86)\tencent\qqplayer\qqplayer.exe =>Adware.TencentAddressBar
O87 - FAEL: "UDP Query User{9FB89DDD-F527-4090-93EE-B007BF17E845}C:\program files (x86)\tencent\qqplayer\qqplayer.exe" | In - Private - P17 - TRUE | .(. Tencent Inc - QQ Player.) -- C:\program files (x86)\tencent\qqplayer\qqplayer.exe =>Adware.TencentAddressBar
O87 - FAEL: "{F8418AE0-D2F2-4392-AD3E-4BEF4B894D5A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (.not file.)
O87 - FAEL: "{A9ECED73-EED6-4A40-9D89-207B83E4CDDB}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (.not file.)
O87 - FAEL: "{5729547A-F6C4-466A-B20F-65754DB1D154}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (.not file.)
O87 - FAEL: "{132E75E1-D0ED-453D-B330-E9B302DF0B82}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe (.not file.)
~ Firewall: 229 Legitimates Filtered in 00mn 04s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "617DD6FF01B79624F991FF0BA74CDC59" . (.Bing Bar.) -- C:\windows\Installer\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 96 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 16/12/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
SS - | Demand 02/04/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 31/01/2012 477056 | (FLCDLOCK) . (.Hewlett-Packard Company.) - c:\windows\SysWOW64\flcdlock.exe
SS - | Auto 28/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 09/03/2012 117552 | (PdiService) . (.Portrait Displays, Inc..) - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 08/08/2012 211072 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 09/05/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Demand 16/12/2013 247968 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
SR - | Auto 31/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 15/03/2012 493904 | (DpHost) . (.DigitalPersona, Inc..) - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
SR - | Auto 14/03/2012 152992 | (HP Power Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
SR - | Auto 10/09/2011 86072 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 15/03/2012 1420160 | (hpCMSrv) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR - | Auto 22/03/2012 372824 | (HPFSService) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
SR - | Auto 14/03/2012 365440 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
SR - | Demand 14/03/2012 994176 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 16/03/2012 33560 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 01/03/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/03/2012 629984 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 28/03/2012 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 28/03/2012 165144 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 28/03/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 21/03/2012 1327104 | (McAfee Endpoint Encryption Agent) . (...) - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
SR - | Auto 28/04/2011 12784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
SR - | Auto 20/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 07/03/2012 1134584 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 05/03/2012 314880 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 05/04/2012 498352 | (uArcCapture) . (.ArcSoft, Inc..) - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
SR - | Auto 28/03/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 20/03/2012 2694224 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\windows\system32\vcsFPService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 323584 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

~ Services: Scanned in 00mn 41s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Faical at 29/01/2014 13:32:23
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Faical at 29/01/2014 13:32:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 48
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 22
Fichiers trouvés (Files found) : 15

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E9AC80B-E5FE-5CAD-E6E7-B050E1279DED}] =>Adware.FastSaveApp^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa] =>PUP.Offerware^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.FastSaveApp^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Volaro Updater] =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vonteera] =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}] =>Adware.WebCake^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\AppID\VONTEERA.DLL] =>Trojan.Vonteera
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKCU\Software\BI] =>Adware.MegaSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh] =>Adware.WebCake
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje] =>Hijacker.TornTV
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKLM\Software\Classes\AppID\WebCakeIEClient.DLL] =>
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\extensions\addon@Vonteera.com =>Trojan.Vonteera^
C:\Users\Faical\AppData\Roaming\Mozilla\Firefox\Profiles\sdphu30p.default\extensions\plugin@getwebcake.com =>Adware.WebCake^
C:\Program Files (x86)\ContinueToSave =>PUP.OfferWare^
C:\Program Files (x86)\Tencent =>Adware.TencentAddressBar^
C:\Program Files (x86)\Volaro =>Trojan.Vonteera^
C:\Program Files (x86)\VonteeraAddon =>Trojan.Vonteera^
C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^
C:\ProgramData\IBUpdaterService =>Adware.InstallBrain^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\SearchNewTab =>Adware.FastSaveApp^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\Tencent =>Adware.TencentAddressBar^
C:\Users\Faical\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\Faical\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\Faical\AppData\Roaming\Tencent =>Adware.TencentAddressBar^
C:\Users\Faical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent =>Adware.TencentAddressBar^
C:\Users\Faical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com =>Hijacker.TornTV^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab =>Adware.FastSaveApp
C:\Users\Faical\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
C:\Users\Faical\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Users\Faical\AppData\Local\FilesFrog Update Checker\update_checker.exe =>Adware.MegaSearch^
C:\Users\Faical\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^
C:\Program Files (x86)\Volaro\Updater\Updater.exe =>Trojan.Vonteera^
C:\Users\Faical\Downloads\Programs\QQPlayer_Setup_French.exe =>Adware.TencentAddressBar^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Tencent] =>Adware.TencentAddressBar^
[HKCU\Software\Volaro] =>Trojan.Vonteera^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Tencent] =>Adware.TencentAddressBar^
C:\Users\Faical\AppData\Local\Temp\FLVPlayerSetup.exe =>Adware.MegaSearch^
C:\Users\Faical\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe =>Adware.MegaSearch^
~ Additionnel Scan: 358104 Items scanned in 01mn 46s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/27285539-adware-webcake =>Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blog/show/26801402-adware-fastsaveapp =>Adware.FastSaveApp
~ http://nicolascoolman.webs.com/apps/blog/show/27668065-adware-tencentaddressbar =>Adware.TencentAddressBar
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27332348-pup-offerware =>PUP.Offerware
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
~ MSI: 25 link(s) detected in 01mn 46s



~ 1226 Legitimates filtered by white list
End of the scan (738 lines in 10mn 03s)(0)
