~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par bibou (29/01/2014 16:48:50)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.17 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6004 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 243 GB (41%) free of 584 GB

---\\ Mode de connexion au système
~ Computer Name: BIBOU-PC
~ User Name: bibou
~ All Users Names: bibou, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\bibou\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\bibou\AppData\Roaming\
~ %Desktop% : C:\Users\bibou\Desktop\
~ %Favorites% : C:\Users\bibou\Favorites\
~ %LocalAppData% : C:\Users\bibou\AppData\Local\
~ %StartMenu% : C:\Users\bibou\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 243 Go of 584 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/63
~ Mes musiques (My Musics) : 1/234
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/1086
~ Mon Bureau (My Desktop) : 1/5553
~ Menu demarrer (Programs) : 1/72
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.9A44D5BBD020F904E18BD1BEAB49BEF2] - (.Orange - Executable Orange Inside.) -- C:\Users\bibou\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1511424] [PID.1568]
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.1592]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2464]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.4788]
[MD5.FBFA45B2D8ABB107C79E0CA0F8ED0A6D] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [200704] [PID.5092]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.4312]
[MD5.DD24014C9B892A19E1B5E684AD6B2EAF] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [1815976] [PID.4960]
[MD5.56D1890D74A8999F756E338210846AF1] - (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1094736] [PID.1048]
[MD5.B569E48B3A30E24601FCE6C98501E383] - (.CyberLink Corp. - Acer Arcade Deluxe Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112] [PID.4528]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4192]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4796]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.4220]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5832]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.5296]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.5344]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.5688]
[MD5.A9FF9831AB2BFFB1CCF849BDA19D06FD] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [528192] [PID.912]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1320]
[MD5.D1EBE337782B1F32A52C0C80A98FC08B] - (.Cherished Technololgy LIMITED - IePlugin Service.) -- C:\ProgramData\IePluginService\PluginService.exe [508016] [PID.1712] =>Trojan.SProtector
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2016]
[MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.1616]
[MD5.5A78D672EAE975D40DE35CE6B650282B] - (.IObit - Advanced SystemCare 6 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [703808] [PID.1640]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2120]
[MD5.7485FBCEF9136F530953575E2977859D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2384]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2416]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2440]
[MD5.14E66F603FB187713AEB02AD3B0390CF] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62720] [PID.2572]
[MD5.3F6268A2EC33CD38CF75C880AF8DED42] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.1468]
[MD5.831883B107684301F48ACE752C963984] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [66872] [PID.3404]
[MD5.E24106A5EAECDDFF00B25497049DD65F] - (...) -- C:\Windows\SysWOW64\PnkBstrB.exe [107832] [PID.3636]
[MD5.B5A4B7D779CF4070DF408DE18BD33B02] - (.Acer Incorporated - Raw Socket Service.) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952] [PID.3896]
[MD5.E5C796B621F6FBA8616511063D7F0FFE] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688] [PID.3564]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.3700]
[MD5.7548066DF68A8A1A56B043359F915F37] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3644]
[MD5.765F2DD351BA064F657751D8D75E58C0] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.5788]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\bibou\AppData\Roaming\Mozilla\Firefox\Profiles\mtifsi7a.default\prefs.js
M3 - MFPP: Plugins - [bibou] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\awesomehp.xml =>PUP.Awesomehp
~ Firefox Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll
~ BHO: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [bibou]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [bibou]: Wakfu.lnk . (...) -- C:\Program Files (x86)\Wakfu\UpLauncher.exe
O4 - GS\Program [bibou]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [bibou]: Webplayer.lnk . (...) -- C:\Users\bibou\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe
O4 - GS\Program [bibou]: WoW Mania.lnk . (.Blizzard Entertainment - Blizzard Launcher.) -- C:\Program Files (x86)\World of Warcraft 2.4.3\Launcher.exe
O4 - GS\SystemTools [bibou]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [bibou]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ Global Startup: 59 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\bibou\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\bibou\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeDeluxeAgent] . (.CyberLink Corp. - Acer Arcade Deluxe Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [20131224] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\c9e652dc-fa65-4af9-b878-b1884dc5a40d.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\bibou\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\steam.exe
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\bibou\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-2894097615-3655390813-332587673-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Microsoft Lync add-on [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0FFD5C-C2B8-4C4E-803A-2DFFD41BC084}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A0FFD5C-C2B8-4C4E-803A-2DFFD41BC084}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7A0FFD5C-C2B8-4C4E-803A-2DFFD41BC084}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
~ Services: 27 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Programme de mise … jour en ligne de Egis technology] (...) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Updater27096.exe] (...) -- C:\Users\bibou\AppData\Local\Updater27096\Updater27096.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [{16536A19-3A14-401C-8205-0C9EB133044B}] (...) -- C:\Users\bibou\Downloads\Visual Studio 2010 Pex 0.94.51023.0 Power Tools (x86) - (English)\en_visual_studio_2010_pex_0.94.51023.0_power_tools_x86_598803.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{614A9B65-AEA5-485A-AE7A-E73026ADA6E9}] (...) -- C:\Users\bibou\Desktop\Borderland\Borderlands.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8E1B9EBA-D7BF-4BD3-B152-32E738F331B5}] (...) -- C:\Users\bibou\Desktop\Visual studio\SetupUtility.exe (.not file.) [0]
[MD5.6865DC8C2D4C6318672878C9900A134C] [APT] [{A6F52960-6EF0-4DB1-9391-D35A3185BC7C}] (.http://csmania.ru.) -- C:\Users\bibou\Desktop\Jeux\Instalations de Jeux\Team fortress 2\TF2_full_client_01.10.07.exe [2632051]
[MD5.00000000000000000000000000000000] [APT] [{A81448B8-B614-42B5-A84A-518FF23F08D1}] (...) -- C:\Users\bibou\Desktop\Jeux\Instalations de Jeux\re-volt\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AAFC25A1-3C13-4EA5-8DF4-8EA360A6C7AF}] (...) -- C:\Users\bibou\Desktop\Visual studio\HelpSetup_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DE9CEA0D-AFD0-46CB-95EF-5A8FEA20A60E}] (...) -- C:\Users\bibou\Desktop\Jeux\Instalations de Jeux\CoD\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EB2919AB-9651-468E-9D46-150C60B69DFF}] (...) -- C:\Users\bibou\Downloads\ChromeSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F6450176-D6A2-49F5-81F9-D44E8EA960EB}] (...) -- C:\Users\bibou\Desktop\Jeux\Instalations de Jeux\CoD\resources\redist\vcredist_x86.exe (.not file.) [0]
~ Scheduled Task: 38 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.SProtector
O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\PartyFrance]
[HKCU\Software\YoYoGames]
[HKLM\Software\SpeedBit]
[HKLM\Software\Wow6432Node\Acclaim]
[HKLM\Software\Wow6432Node\PCTools]
[HKLM\Software\Wow6432Node\Shortcut_Module]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 485 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2010 - 14:47:37 - [0] ----D C:\Program Files (x86)\Acclaim
O43 - CFD: 18/02/2013 - 05:39:11 - [4,634] ----D C:\Program Files (x86)\GUM2E23.tmp
O43 - CFD: 07/08/2011 - 21:05:52 - [0] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 09/09/2011 - 21:55:43 - [0] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 17/12/2013 - 17:59:31 - [160,722] ----D C:\Program Files (x86)\Portable
O43 - CFD: 28/01/2014 - 20:53:24 - [0] ----D C:\Program Files (x86)\SDGi Europe
O43 - CFD: 28/01/2014 - 20:36:25 - [2,315] ----D C:\Program Files (x86)\SupTab
O43 - CFD: 16/06/2012 - 21:59:09 - [0] ----D C:\Program Files (x86)\Common Files\SpeedBit
O43 - CFD: 28/01/2014 - 20:36:25 - [0,484] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 18/06/2012 - 18:52:12 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 29/01/2014 - 07:17:46 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 24/03/2011 - 17:54:23 - [2,369] ----D C:\ProgramData\YoYoGames
O43 - CFD: 20/12/2013 - 16:02:27 - [0] ----D C:\Users\bibou\AppData\Roaming\openvr
O43 - CFD: 28/01/2014 - 21:49:12 - [0] ----D C:\Users\bibou\AppData\Roaming\Oxy
O43 - CFD: 24/11/2010 - 17:20:13 - [0,036] ----D C:\Users\bibou\AppData\Local\Ares
O43 - CFD: 03/05/2012 - 18:10:33 - [0,649] ----D C:\Users\bibou\AppData\Local\mcpatcher
O43 - CFD: 28/01/2014 - 20:54:02 - [7,031] ----D C:\Users\bibou\AppData\Local\Oxy
O43 - CFD: 09/09/2011 - 21:55:41 - [0] ----D C:\Users\bibou\AppData\Local\PokerStars.FR
O43 - CFD: 28/01/2014 - 20:53:24 - [0] ----D C:\Users\bibou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe
~ Program Folder: 336 Legitimates Filtered in 00mn 56s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.10EAE70181C6A85DE3EBD732A2666C0B] - 28/01/2014 - 22:55:54 ---A- . (...) -- C:\Shortcut_Module_28_01_2014_22_55_54.txt [7818]
~ Files: 26 Legitimates Filtered in 00mn 24s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{5ec0165d-8320-11e1-ad00-ef5af61c2813}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 13/12/2013 - 08:59:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 13/12/2013 - 08:59:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 28/01/2014 - 17:21:55 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.D6AB7C13FCDD2E4CAC35244D2C172D9A] - 26/01/2014 - 18:28:22 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.825E7A1F48FB8BCFBA27C178AAB4E275] - 02/11/2009 - 12:48:02 ---A- . (...) -- C:\Windows\System32\Drivers\TurboB.sys [13784]
O58 - SDL:[MD5.FB251567F41BC61988B26731DEC19E4B] - 15/02/2012 - 11:01:50 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [52736]
O58 - SDL:[MD5.AD12F5C7251BB8D575D560894E73CBBA] - 24/12/2010 - 10:43:40 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\WsAudioDevice_383S(1).sys [29288]
~ Drivers: 18 Legitimates Filtered in 00mn 02s



---\\ Disinfection tools list (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\bibou\AppData\Local\Oxy\Application\oxy.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.DC95605AA80368AE49CD90DCCD565CC6] [SPRF][03/12/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][25/11/2010] (...) -- C:\Users\bibou\AppData\Roaming\wklnhst.dat [0]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][28/01/2014] (...) -- C:\Users\bibou\Desktop\adwcleaner.exe [1166132]
[MD5.6F2EC3BC01C7F3D07D762C10FA93D85D] [SPRF][28/01/2014] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Users\bibou\Desktop\SFTGC.exe [1052616]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{0F3229CE-FCEC-452F-8E42-A728501ADC15}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
O87 - FAEL: "{AEB59DC1-8AE8-4D13-B4DF-744385F72066}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
O87 - FAEL: "TCP Query User{4A5190B3-3AA4-4EAE-8167-A7AFDE9122F3}C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe (.not file.)
O87 - FAEL: "UDP Query User{69B8B165-1C2E-43DA-BE25-4ACF187AAFD3}C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe (.not file.)
O87 - FAEL: "TCP Query User{3B94AE20-9EC1-4178-962E-F9B0254B0F54}C:\users\bibou\appdata\local\temp\rarsfx0\hl.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\bibou\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 - FAEL: "UDP Query User{A8D54E94-FCF0-4311-8E82-ABBB0123652A}C:\users\bibou\appdata\local\temp\rarsfx0\hl.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\bibou\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 - FAEL: "{F03A7CE6-46ED-4D57-B0F5-F71CA8365885}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Team Fortress 2\RUN_TF2.exe (.not file.)
O87 - FAEL: "{8FFE6FCE-2899-4A27-9AD6-D49BFF39DF26}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Team Fortress 2\RUN_TF2.exe (.not file.)
O87 - FAEL: "{06B731D0-C734-4680-92C9-089F3D894C9B}" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Team Fortress 2\RUN_TF2.exe (.not file.)
O87 - FAEL: "{5562CEAB-7504-48CA-A160-739068BCE749}" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Team Fortress 2\RUN_TF2.exe (.not file.)
O87 - FAEL: "{B3C06A88-7C41-410C-8547-08FF839B0E1A}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ACID.exe
O87 - FAEL: "{0D3FABD8-E691-4C39-A332-DC0AFFE20977}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ACID.exe
O87 - FAEL: "{9320BC29-1867-4521-AFA3-A2ED55EDD7AD}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ACID.exe
O87 - FAEL: "{C6FADE22-325A-42CF-B963-80246B814409}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ACID.exe
O87 - FAEL: "{DD00A20D-67D5-45EB-8AE9-DDF5C3CD4061}" |In - Private - P6 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Temp\7zSDCB7.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{2FC71A5F-E1EF-4645-AD84-161739D19AD5}" |In - Private - P17 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Temp\7zSDCB7.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{F21D32FE-80B5-4211-BE19-7235FEA0D9DF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SDGi Europe\Dragon Nest Europe\DragonNest.exe (.not file.)
O87 - FAEL: "{F525B006-71EB-4056-94B0-3FDA9944EF80}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SDGi Europe\Dragon Nest Europe\DragonNest.exe (.not file.)
O87 - FAEL: "{EB71F0EB-D3D6-4BAB-9AB1-E1DD98756465}" | In - Public - P6 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Oxy\Application\bin\oxy-downloader.exe
O87 - FAEL: "{73694779-F9A4-46F8-B320-1B687C32B727}" | In - Public - P17 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Oxy\Application\bin\oxy-downloader.exe
~ Firewall: 411 Legitimates Filtered in 00mn 03s



---\\ Enumerate software product codes (PUC) (O90)
O90 - PUC: "90209AFBFFA76BD4E8B45E375057A17D" . (.Unreal Tournament 3.) -- C:\Windows\Installer\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ARPPRODUCTICON.exe
~ Update Products: 217 Legitimates Filtered in 00mn 00s



---\\ Windows Installer package search (WIS) (O93) (NTFS)
[MD5.D24949E5C6EC59F7F8664A657066994D] [WIS][05/11/2009] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\5cb70.msi [28160] =>Toolbar.Google
~ WIS: 224 Legitimates Filtered in 00mn 30s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
SS - | Auto 06/03/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/03/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 18/06/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29/06/2011 155344 | (Sony Ericsson PCCompanion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
SS - | Demand 27/01/2014 571816 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 23/06/2013 24576 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
SS - | Demand 23/06/2013 12867584 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 10/12/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SR - | Auto 30/09/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 05/04/2012 8704 | (HiPatchService) . (.Hi-Rez Studios.) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
SR - | Auto 05/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 14/01/2014 508016 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/10/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 25/09/2009 62720 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 18/06/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 10/07/1658 0 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe
SR - | Auto 10/07/2009 253952 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
SR - | Auto 01/10/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 32s
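The two sections that deserve a second look in this report are the firewall exceptions (O87) and the service list (EGS): several rules point at binaries that no longer exist ("(.not file.)"), two of them at hl.exe dropped into a temp\rarsfx* folder (the "TCP Query User{...}" names are the rules Windows Firewall creates when the user clicks Allow on its prompt; P6 and P17 are IANA protocol numbers for TCP and UDP), and one running service lives under C:\ProgramData and is already tagged =>Trojan.SProtector. The helper below is an added example, not part of ZHPDiag or of this report: it parses O87 and SR/SS lines and flags rules or services whose target is missing, sits in a temp or user-writable directory, or carries a ZHPDiag tag. The sample lines are copied from the sections above; the path heuristics (which directories count as temp or user-writable) are this example's own assumptions.

```python
"""Triage helper for the O87 (firewall exceptions) and EGS (services) sections
of a ZHPDiag report. Added example, not ZHPDiag's own code."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the O87 and EGS sections of the report above.
SAMPLE = r"""
O87 - FAEL: "{0F3229CE-FCEC-452F-8E42-A728501ADC15}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
O87 - FAEL: "TCP Query User{4A5190B3-3AA4-4EAE-8167-A7AFDE9122F3}C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\bibou\appdata\local\temp\rarsfx1\hl.exe (.not file.)
O87 - FAEL: "{06B731D0-C734-4680-92C9-089F3D894C9B}" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Team Fortress 2\RUN_TF2.exe (.not file.)
O87 - FAEL: "{DD00A20D-67D5-45EB-8AE9-DDF5C3CD4061}" |In - Private - P6 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Temp\7zSDCB7.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{EB71F0EB-D3D6-4BAB-9AB1-E1DD98756465}" | In - Public - P6 - TRUE | .(...) -- C:\Users\bibou\AppData\Local\Oxy\Application\bin\oxy-downloader.exe
SR - | Auto 13/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/01/2014 508016 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SS - | Demand 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
"""

# O87 line: rule name, direction, profile, IANA protocol number, enabled flag,
# vendor string, target path, optional "(.not file.)" marker for a missing target.
FIREWALL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]*)" \|\s*(?P<direction>In|Out) - (?P<profile>\w+)'
    r' - P(?P<protocol>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<vendor>[^)]*)\) -- '
    r'(?P<path>.*?)(?P<missing> \(\.not file\.\))?$'
)
# EGS line: SR/SS state, start type, date, size, optional hosted DLL (svchost
# services), service name, vendor, image path, optional "=>Tag" detection.
SERVICE_RE = re.compile(
    r'^(?P<state>SR|SS) - \| (?P<start>\w+) (?P<date>\S+) (?P<size>\d+) \| '
    r'(?:(?P<host_dll>.*?\.dll) )?\((?P<service>[^)]*)\) \. \(\.(?P<vendor>[^)]*)\.\) - '
    r'(?P<path>.*?)(?: =>(?P<tag>\S+))?$'
)

# Assumed heuristics (this example's choice, not ZHPDiag's): code run from a
# temp folder or from a location any user can write to warrants review.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Finding:
    kind: str          # "firewall" or "service"
    name: str          # rule name or service name
    path: str          # target executable as printed in the report
    reasons: list = field(default_factory=list)


def path_reasons(path: str) -> list:
    """Reasons derived from where the executable lives (case-insensitive)."""
    p = path.lower()
    if any(m in p for m in TEMP_MARKERS):
        return ["binary lives in a temp directory"]
    if any(m in p for m in USER_WRITABLE_MARKERS):
        return ["binary lives in a user-writable location"]
    return []


def triage_firewall(m: re.Match) -> Finding:
    reasons = path_reasons(m["path"])
    if m["missing"]:
        reasons.append("stale rule: target executable no longer exists")
    # Only worth calling out when something else is already wrong with the rule.
    if reasons and m["enabled"] == "TRUE" and m["profile"] == "Public":
        reasons.append("rule is active on the Public profile")
    return Finding("firewall", m["name"], m["path"], reasons)


def triage_service(m: re.Match) -> Finding:
    reasons = path_reasons(m["path"])
    if m["tag"]:
        reasons.append(f"flagged by ZHPDiag as {m['tag']}")
    if reasons and m["state"] == "SR":
        reasons.append("service is currently running")
    return Finding("service", m["service"], m["path"], reasons)


def triage(report_text: str) -> list:
    """Return only the O87/EGS entries that have at least one reason to review."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            finding = triage_firewall(m)
        else:
            m = SERVICE_RE.match(line)
            if not m:
                continue          # not an O87 or EGS line, skip it
            finding = triage_service(m)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.name}\n    {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full report, the same regexes pick up every O87 and SR/SS line; on the sample above they surface the two temp-folder rules, the stale Team Fortress 2 rule, the AppData downloader with an active Public-profile rule, and the tagged IePluginService, while leaving the Program Files entries and the svchost-hosted service alone.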



---\\ CD/DVD emulators list (MBR Hook)
O58 - SDL:[MD5.D6AB7C13FCDD2E4CAC35244D2C172D9A] - 26/01/2014 - 18:28:22 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulators: Scanned in 00mn 32s



---\\ Additional scan (O88)
Database Version : 13030 - (25/01/2014)
Keys found : 17
Values found : 2
Folders found : 2
Files found : 5

[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins] =>Trojan.SProtector^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\5cb70.msi =>Toolbar.Google^
~ Additional Scan: 556146 Items scanned in 00mn 31s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 7 link(s) detected in 00mn 31s



~ 1766 Legitimates filtered by white list
End of the scan (567 lines in 03mn 11s)(0)