cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Administrateur (28/01/2014 17:40:21)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome v32.0.1700.76

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
McAfee Security Scan Plus v2.0.181.2

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6 - Français

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec (Fail-safe boot)
Total RAM: 1023 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 8 GB (19%) free of 39 GB

---\\ Mode de connexion au système
~ Computer Name: FIANDRIN-1411F4
~ User Name: Administrateur
~ All Users Names: Val, SUPPORT_388945a0, HelpAssistant, Anais-Marie, Administrateur,
~ Unselected Option: O45
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 8 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 5 Go of 5 Go)
E: Hard drive, Flash drive, Thumb drive (Free 32 Go of 39 Go)
F: Hard drive, Flash drive, Thumb drive (Free 39 Go of 39 Go)
G: Hard drive, Flash drive, Thumb drive (Free 28 Go of 39 Go)
H: Hard drive, Flash drive, Thumb drive (Free 39 Go of 39 Go)
I: Hard drive, Flash drive, Thumb drive (Free 26 Go of 33 Go)
J: CD-ROM drive (Not Inserted)
K: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E9C2CF196F769DE332181121B37518E7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/11/2012 - 13:17:51.) -- C:\WINDOWS\system32\wininet.dll [916992]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.5681BEC3C245ADE8FBCE545CA5ADD6C2] - (....) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/2
~ Mes Documents (My Documents) : 0/0
~ Mon Bureau (My Desktop) : 0/3
~ Menu demarrer (Programs) : 1/16
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.1352]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@google.com/npPicasa2,version=2.0.0] - (...) -- C:\Program Files\Picasa2\npPicasa2.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>PUP.Babylon
~ IE Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} . (.SimplyGen - Complitly - Helps you search the web.) -- C:\Documents and Settings\Val\Application Data\Complitly\Complitly.dll =>Adware.PredictAd
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ConduitEngine\prxConduitEngine.dll =>Toolbar.Conduit
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files\Wajam\IE\wajam.dll =>PUP.Wajam
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Conduit Engine - [HKLM]{30F9B915-B755-4826-820B-08FBA6BD249D} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ConduitEngine\prxConduitEngine.dll =>Toolbar.Conduit
O3 - Toolbar: barre d'outils Orange - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll =>.Microsoft Corporation
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: UltraDefrag.lnk . (.UltraDefrag Development Team - UltraDefrag GUI interface.) -- C:\Program Files\UltraDefrag\ultradefrag.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [Val]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Anais-Marie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 23 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
O4 - GS\Program [AllUsers]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - GS\Program [Val]: Assistance Livebox.lnk . (...) -- C:\Program Files\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Program [Val]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - GS\Program [Anais-Marie]: OpenOffice.org 3.2.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] . (.Windows (R) Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\WINDOWS\system32\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] Clé orpheline
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] . (.Hewlett-Packard - hpgs2wnd.) -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] . (.Sony Ericsson Mobile Communications AB - Application Launcher.) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-789336058-746137067-725345543-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{99775155-1744-47EA-A159-44B63ED85CD2}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{99775155-1744-47EA-A159-44B63ED85CD2}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{99775155-1744-47EA-A159-44B63ED85CD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ALOT Update Service (AlotService) . (.Inuvo Inc. - ALOT Update Service.) - C:\Documents and Settings\Val\Application Data\alotservice\alotservice.exe =>Adware.Comet
O23 - Service: WajamUpdater (WajamUpdater) . (.Wajam - Auto-updater.) - C:\Program Files\Wajam\Updater\WajamUpdater.exe =>PUP.Wajam
~ Services: 12 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Anais-Marie.job [430]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ReclaimerUpdateXML_Anais-Marie.job [426]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Anais-Marie.job [436]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\WavePadReminder.job [272]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (AFD) . (...) - C:\WINDOWS\system32\drivers\afd.sys
~ Drivers: 67 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Complitly - (.Complitly.) [HKLM] -- {4FFBB818-B13C-11E0-931D-B2664824019B}_is1 =>Adware.PredictAd
O42 - Logiciel: Conduit Engine - (.Conduit Ltd..) [HKLM] -- conduitEngine =>Toolbar.Conduit
O42 - Logiciel: ITE IT8212 ATA RAID Controller - (...) [HKLM] -- {FC6AAE10-A081-42C7-9CD3-ED1D80C30941}
O42 - Logiciel: Sam - (...) [HKLM] -- {8E4CF4E6-062E-11D8-BCF1-005004748D87}
~ Logic: 28 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ConduitEngine] =>Toolbar.Conduit
[HKLM\Software\AskBarDis]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\SimplyGen] =>Adware.PredictAd
[HKLM\Software\Wajam] =>PUP.Wajam
~ Key Software: 272 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/02/2012 - 20:21:19 - [1,597] ----D C:\Program Files\Complitly =>Adware.PredictAd
O43 - CFD: 09/01/2013 - 22:24:49 - [1,218] ----D C:\Program Files\Conduit
O43 - CFD: 25/04/2011 - 18:20:28 - [8,055] ----D C:\Program Files\ConduitEngine =>Toolbar.Conduit
O43 - CFD: 04/11/2009 - 20:33:23 - [0,306] ----D C:\Program Files\Fast Browser Search =>PUP.FbSearch
O43 - CFD: 27/01/2014 - 21:03:25 - [0,001] RS-AD C:\Program Files\FlashGuard
O43 - CFD: 11/06/2011 - 21:32:18 - [0,001] ----D C:\Program Files\HBLite =>Adware.HotBar
O43 - CFD: 24/02/2012 - 17:29:15 - [0,746] ----D C:\Program Files\Wajam =>PUP.Wajam
O43 - CFD: 21/02/2012 - 20:19:57 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon
O43 - CFD: 12/06/2011 - 11:21:19 - [1,300] ----D C:\Documents and Settings\All Users\Application Data\HBLiteSA =>Adware.HotBar
O43 - CFD: 31/12/2008 - 20:22:29 - [0,487] ----D C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
O43 - CFD: 27/01/2014 - 17:18:49 - [0] ----D C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\Conduit
O43 - CFD: 27/01/2014 - 17:17:48 - [3,727] ----D C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\ConduitEngine =>Toolbar.Conduit
~ Program Folder: 148 Legitimates Filtered in 00mn 22s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0A109C9A8D01B3BC07362F01282EBF6B] - 27/01/2014 - 21:02:53 ---A- . (...) -- C:\autorun.inf [102]
O44 - LFC:[MD5.7AB8E9B64487F38A26903CFF25C14016] - 28/01/2014 - 17:06:14 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [60452]
O44 - LFC:[MD5.CA759C382815C300A5FFF3F7A1317ABD] - 28/01/2014 - 17:34:54 ---A- . (...) -- C:\WINDOWS\wiadebug.log [216]
O44 - LFC:[MD5.F87184E0C2500EB8B2594A005A630324] - 28/01/2014 - 17:34:55 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.BF36731B1C0CAFB0BFC0966A50B6D9DC] - 28/01/2014 - 17:34:58 ---A- . (...) -- C:\alotserviceruntime.log [8520348] =>Adware.Comet
O44 - LFC:[MD5.826466F4201A35C4FA04F7524C0582F6] - 28/01/2014 - 17:40:05 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [541464]
~ Files: 23 Legitimates Filtered in 00mn 15s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.5681BEC3C245ADE8FBCE545CA5ADD6C2] - 17/08/2011 - 14:49:54 ---A- . (...) -- C:\WINDOWS\system32\Drivers\afd.sys [138496]
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 03:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 27/04/2004 - 08:26:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [5824]
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 27/01/2014 - 20:54:16 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 27/01/2014 - 20:54:16 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.A2C08CFE1D549283CDAFD3FD67F3ABEE] - 21/10/2004 - 11:56:08 R--A- . (.C-Media Inc. - C-Media Audio WDM Driver.) -- C:\WINDOWS\system32\Drivers\cmudax.sys [1275584]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 07/06/2011 - 10:13:36 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 17:36:05 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.C53360C1932904FE89C6BE55378628CB] - 01/06/2004 - 10:19:44 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\system32\Drivers\iteraid.sys [24971]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 21/12/2008 - 19:18:01 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.C1CA131F4E3ED63D6BC89A35FFAD4CDA] - 07/11/2008 - 14:23:30 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\Drivers\usbaapl.sys [32000]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.790A4CA68F44BE35967B3DF61F3E4675] - 31/03/2009 - 08:39:36 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [36608]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 04s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Favoris\Liens\Sites suggérés.url [236]
O61 - LFC: 27/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\ConduitEngine\MyStuffApps\MyStuffAppsOrder.xml [45] =>Toolbar.Conduit
O61 - LFC: 27/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [6896]
O61 - LFC: 27/01/2014 - 17:41:33 -SHA- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\PrivacIE\index.dat [16384]
O61 - LFC: 28/01/2014 - 17:41:32 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Application Data\ZHP\Log.txt [21177] =>.Nicolas Coolman
O61 - LFC: 28/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Application Data\ZHP\TestsZHPDiag.txt [3719] =>.Nicolas Coolman
O61 - LFC: 28/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 28/01/2014 - 17:41:33 ---A- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 28/01/2014 - 17:41:33 -SHA- . (...) -- C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\IETldCache\index.dat [262144]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
~ Legacy: 131 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche dans la clé de registre Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS

~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
E:\Sauv données\drivers\nero6316\Nero_Burning_ROM_Enterprise_Edition_v6[1].3.1.6\Keygen.exe
E:\Sauv données\drivers\nero6316\Nero_Burning_ROM_Enterprise_Edition_v6[1].3.1.6_by_Revenge\keygen.exe
E:\Sauv données\drivers\winrar\KeyGen.exe
~ Files: Scanned in 03mn 07s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 28/01/2014 17:45:52

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
1 nt!IofCallDriver[0x804E13B9] >> \Device\Harddisk0\DR0[0x867A69C0]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 28/01/2014 17:45:54

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 76
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>PUP.Wajam^
[HKLM\SYSTEM\CurrentControlSet\Services\AlotService] =>Adware.Comet^
[HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1] =>Adware.PredictAd^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit^
[HKLM\Software\Classes\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333}] =>Adware.PredictAd
[HKLM\Software\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}] =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKLM\Software\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}] =>Adware.PredictAd
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}] =>Toolbar.Wajam
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\{442f13bc-2031-42d5-9520-437f65271153}] =>Adware.PredictAd
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}] =>Toolbar.Wajam
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
[HKLM\Software\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
[HKLM\Software\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}] =>Parasite.Pugi
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\Complitly.DLL] =>Adware.PredictAd
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileConverter_1.5 Toolbar] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert_1.5 Toolbar] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\SearchBar.Client] =>Toolbar.Agent
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho] =>Adware.PredictAd
[HKLM\Software\Classes\suggestmeyes.suggestmeyesbho.1] =>Adware.PredictAd
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>Toolbar.Wajam
[HKCU\Software\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\SimplyGen] =>Adware.PredictAd
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\AskBarDis] =>Toolbar.AskBarDis
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\AppID\priam_bho.DLL] =>Toolbar.Wajam
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Classes\CLSID\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Google\Chrome\Extensions\dhjcejipifajofgbcbclmfohjnbflgjd] =>Toolbar.NCHBar
[HKLM\Software\Classes\Toolbar.CT2494504] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2801939] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3008653] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3241952] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT3242339] =>Toolbar.Conduit
[HKLM\Software\Classes\wajam.WajamBHO] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamBHO.1] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader] =>PUP.Wajam
[HKLM\Software\Classes\wajam.WajamDownloader.1] =>PUP.Wajam
[HKLM\Software\Classes\AppID\wajam.DLL] =>PUP.Wajam
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit^
C:\Program Files\Complitly =>Adware.PredictAd^
C:\Program Files\ConduitEngine =>Toolbar.Conduit^
C:\Program Files\Fast Browser Search =>PUP.FbSearch^
C:\Program Files\HBLite =>Adware.HotBar^
C:\Program Files\Wajam =>PUP.Wajam^
C:\Documents and Settings\All Users\Application Data\Babylon =>PUP.Babylon^
C:\Documents and Settings\All Users\Application Data\HBLiteSA =>Adware.HotBar^
C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\ConduitEngine =>Toolbar.Conduit^
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Documents and Settings\Administrateur.FIANDRIN-1411F4.000\Local Settings\Application Data\Conduit =>Toolbar.Conduit
[HKCU\Software\ConduitEngine] =>Toolbar.Conduit^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wajam] =>PUP.Wajam^
~ Additionnel Scan: 266242 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet =>Adware.Comet
~ http://nicolascoolman.webs.com/apps/blog/show/27629963-pup-fbsearch =>PUP.Fbsearch
~ http://nicolascoolman.webs.com/apps/blog/show/26834113-adware-hotbar =>Adware.Hotbar
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26632288-parasite-pugi =>Parasite.Pugi
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 14 link(s) detected in 00mn 35s



~ 895 Legitimates filtered by white list
End of the scan (585 lines in 06mn 09s)(3)
