cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (2014-04-19)
~ Lancé par Utilisateur (2014-04-20 13:06:58)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RMV82
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Internet Security v14.0.0.4651
Malwarebytes Anti-Malware version 1.75.0.1300
SUPERAntiSpyware v5.0.1108
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8174 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 408 GB (44%) free of 919 GB

---\\ Mode de connexion au système
~ Computer Name: DENIS
~ User Name: Utilisateur
~ All Users Names: Utilisateur, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utilisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 408 Go of 919 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-02-28 - 22:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-20 - 22:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 22:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013-09-27 - 20:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 22:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-01-23 - 21:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 22:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/197
~ Mes musiques (My Musics) : 1/442
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/534
~ Mes Documents (My Documents) : 2/13190
~ Mon Bureau (My Desktop) : 6/9591
~ Menu demarrer (Programs) : 1/105
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.AD7E89D547F133D178EA7B4C3CB1B134] - (.Pas de propriétaire - AccuWeather.com desktop weather widget.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760] [PID.2992]
[MD5.8943465BEFA91044227D42E84ECB8280] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048] [PID.3036]
[MD5.B96D82EA7BC9A842028559968E9570D4] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [1004864] [PID.4060]
[MD5.E8B7FD67DA14A7BE57A5CB80E3139E60] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [309704] [PID.3820] =>Toolbar.Google
[MD5.4738DC864215B00B886E27A8D18CC326] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4156]
[MD5.3A3BEA53F039CE2E997A918E26E30B1D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.2188]
[MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8219648] [PID.6012]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1856]
[MD5.4FFEF08A63B8D6BDDF4487A7BFE8416D] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3808248] [PID.2080]
[MD5.0D2F8F4055903A762AD46204E5A42E86] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512] [PID.2248]
[MD5.CCAD2AAE36E24346488B0F54A049DE78] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [79136] [PID.2380]
[MD5.7BBF467A0D1853B1A6796ABDC3A60F81] - (.Seagate Technology LLC - Seagate Dashboard.) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000] [PID.2468]
[MD5.E1974A92AC0914A3859359A0A8C82C68] - (.SoftThinks SAS - SoftThinks Agent Service.) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe [689472] [PID.1948]
[MD5.6241810294275CEA59EBA9733080E5EE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.1976]
[MD5.9E3A069B85D240C9FA7FC43C9245043D] - (.Acronis - TrueImage Sync Agent Service.) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7093272] [PID.4364]
[MD5.E59AFB64C2F6E0C99350E1C944C75088] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [762192] [PID.3868]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rs0jgsaa.default\prefs.js
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rs0jgsaa.default\user.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 6



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F9BBF004-6E40-4019-8214-C43A37E1D058} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: ePUBee DRM Removal.lnk . (...) -- C:\Windows\Installer\{642A2F98-4BF5-4844-9614-899DDBA0C01A}\_573741F2D44ED2667451EB.exe
O4 - GS\Desktop [Public]: Kobo.lnk . (...) -- C:\Program Files (x86)\Kobo\Kobo.exe
O4 - GS\Desktop [Public]: Le collectionneur de recettes.lnk . (...) -- C:\Program Files (x86)\Le collectionneur de recettes\collectionneurderecettes.exe
O4 - GS\Program [Public]: Cozi Family Calendar.lnk . (.Cozi Group, Inc. - Cozi Express.) -- C:\Program Files (x86)\Cozi Express\CoziExpress.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\QuickLaunch [Utilisateur]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Utilisateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilisateur]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Utilisateur]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Utilisateur]: WinAce Archiver.lnk . (.e-merge GmbH - WinAce Archiver v2.69.) -- C:\Program Files (x86)\WinAce\winace.exe
O4 - GS\Desktop [Utilisateur]: Outcast.lnk . (...) -- C:\Program Files (x86)\Outcast\Outcast.exe
O4 - GS\Desktop [Utilisateur]: Play Arx Fatalis.lnk . (...) -- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Installer\{96443F45-13E2-11D6-AC87-00D0B7A9E540}\Icon96443F453.exe
~ Global Startup: 65 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Utilisateur]: SharePort Utility.lnk . (...) -- C:\Program Files (x86)\D-Link\SharePort Utility\Connect.exe (.not file.)
O4 - HKLM\..\Run: [RunDLLEntry_THXCfg] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\THXCfg64.dll
O4 - HKLM\..\Run: [RunDLLEntry_EptMon] . (.Creative Technology Ltd. - Pas de description.) -- C:\Windows\system32\EptMon64.dll
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AccuWeatherWidget] . (.Pas de propriétaire - AccuWeather.com desktop weather widget.) -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [SpUninstallCleanUp] Clé orpheline
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8BA3758-E74A-4BA5-B1EB-C61656913B36}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8BA3758-E74A-4BA5-B1EB-C61656913B36}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8BA3758-E74A-4BA5-B1EB-C61656913B36}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems - Citrix Online GoToAssist Corporate.) -- C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: D-Link SharePort Helper (D-Link SharePort Helper) . (...) - C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
~ Services: 16 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [4830] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{04C87E90-AC26-411C-A999-8E94CDD3860F}] (...) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{051746B6-CC8F-49C8-A5C8-1F82A4CEC904}] (...) -- D:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{05537563-A397-4912-80D4-A98896F53335}] (...) -- D:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{246013BB-9828-495D-B2FF-A6DDF742D134}] (...) -- C:\SIERRA\Mask\Mask.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2E17F18F-CF65-4D27-9BB9-02B7F5BAC0A0}] (...) -- J:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3F7B6D33-33EC-491B-93A7-885601CADEEB}] (...) -- C:\SIERRA\Mask\Mask.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{47105F54-3C35-41BA-9F39-2AD51A34F0A4}] (...) -- D:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{53AD7031-4539-4306-B992-754B00D15A18}] (...) -- C:\Program Files (x86)\Psygnosis\Drakan\Drakan.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{78A7E56E-C9A5-4A29-AF2B-064C8A918EF8}] (...) -- D:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7CCCAD59-467E-4C3E-8E0C-02F5C5FC5926}] (...) -- D:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7F2CDBE6-440F-4B1B-BB7C-2BF2E4403D7C}] (...) -- C:\Program Files (x86)\Psygnosis\Drakan\Drakan.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{80D320CD-A1A4-4588-87BB-3E868566DD65}] (...) -- C:\SIERRA\Mask\Mask.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{83B5BC58-E14B-489B-ACA0-AC6DF26213FE}] (...) -- C:\Users\Utilisateur\AppData\Local\Temp\Temp1_DVDFabDVDCopy_new.zip\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{86202473-BC97-438B-AC4D-1379F3EF7B85}] (...) -- D:\SETUP\SETUP95.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A2625244-B2DD-42E8-A1F2-E7AE33900ECF}] (...) -- D:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4B2F0ED-E2EE-4755-8821-5F2F20530F7E}] (...) -- C:\Users\Utilisateur\Downloads\Readiris Pro 10 + Crack\Crack.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A684664A-A861-43CC-8567-C363AC5261C6}] (...) -- I:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BCEEC74F-E1A3-4970-A550-64561EB9DECE}] (...) -- D:\SETUP\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BD9CE44D-2B5D-456F-A42A-7EFE06FE3D7E}] (...) -- D:\SETUP\INSTALL\SETUP95.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C70886F6-6468-4D71-AB7C-0F9830754ED3}] (...) -- C:\Users\Utilisateur\Desktop\vkaraokeFR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D942E7B1-5E35-4E8D-ABF2-F6B1446CDA54}] (...) -- D:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F181A03A-E971-4429-BCCA-C4F7A50B3D10}] (...) -- C:\Program Files (x86)\Psygnosis\Drakan\Drakan.exe (.not file.) [0]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268]
~ Scheduled Task: 43 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: Content Manager - (.Magellan.) [HKLM][64Bits] -- {B64BC516-2406-43AE-A21A-1E387A2343B1}
O42 - Logiciel: Le collectionneur de recettes 1.8.0 - (.Robert Lebel.) [HKLM][64Bits] -- {9D38CBBA-6627-4606-962F-3B21D7AD4AF0}_is1
O42 - Logiciel: Mega World Smash - (...) [HKLM][64Bits] -- {585ED094-195D-4E6D-A065-7E12E8AEA24B}
O42 - Logiciel: Outcast - (...) [HKLM][64Bits] -- Outcast
O42 - Logiciel: Outcast Patch - (...) [HKLM][64Bits] -- {523113E0-ABFD-11D3-BE74-0000E20392C2}
O42 - Logiciel: coverXP (remove only) - (...) [HKLM][64Bits] -- coverXP
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Condut]
[HKCU\Software\IGearSettings]
[HKCU\Software\IM]
[HKCU\Software\LeCollectionneurDeRecettes]
[HKCU\Software\Mixi.DJ]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\StartSearch] =>PUP.StartSearch
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\coverXP]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Appeal]
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\LeCollectionneurDeRecettes]
[HKLM\Software\Wow6432Node\Paretologic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\Surreal]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 397 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-08-26 - 15:54:11 - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 2012-04-27 - 21:12:32 - [] ----D C:\Program Files (x86)\Content Manager
O43 - CFD: 2012-03-19 - 17:00:57 - [] ----D C:\Program Files (x86)\coverXP
O43 - CFD: 2013-11-13 - 20:37:09 - [] ----D C:\Program Files (x86)\ePUBee
O43 - CFD: 2013-05-03 - 21:52:46 - [0] ----D C:\Program Files (x86)\GUM1880.tmp
O43 - CFD: 2014-01-02 - 15:34:05 - [] ----D C:\Program Files (x86)\Le collectionneur de recettes
O43 - CFD: 2013-03-25 - 10:14:54 - [0] ----D C:\Program Files (x86)\MagniPic =>Adware.MagniPic
O43 - CFD: 2013-12-09 - 14:48:44 - [] ----D C:\Program Files (x86)\Outcast
O43 - CFD: 2014-01-01 - 10:16:33 - [0] ----D C:\Program Files (x86)\suruf and keep =>Adware.SurfAndKeep
O43 - CFD: 2013-02-20 - 00:52:32 - [0] ----D C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV
O43 - CFD: 2014-01-01 - 10:16:49 - [] ----D C:\ProgramData\acdd4ebb1ebad339
O43 - CFD: 2012-05-27 - 21:39:09 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 2013-03-23 - 21:57:35 - [] ----D C:\ProgramData\CLSoft LTD
O43 - CFD: 2013-09-25 - 13:58:21 - [0] ----D C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch
O43 - CFD: 2013-12-29 - 20:47:08 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 2013-03-23 - 22:09:32 - [] ----D C:\ProgramData\MaagniPico =>Adware.MagniPic
O43 - CFD: 2014-01-01 - 20:44:55 - [0] ----D C:\ProgramData\suruf and keep =>Adware.SurfAndKeep
O43 - CFD: 2014-01-03 - 00:26:42 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 2013-03-30 - 11:44:01 - [] ----D C:\Users\Utilisateur\AppData\Roaming\.ePUBee
O43 - CFD: 2013-12-12 - 14:27:56 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\12472
O43 - CFD: 2014-01-28 - 12:37:25 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\13410
O43 - CFD: 2013-12-11 - 16:18:30 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\14134
O43 - CFD: 2013-12-12 - 13:32:58 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\1702
O43 - CFD: 2013-12-11 - 20:51:57 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\2176
O43 - CFD: 2014-01-22 - 12:29:18 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\22879
O43 - CFD: 2013-12-12 - 12:34:21 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\22985
O43 - CFD: 2013-12-12 - 13:54:33 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\5931
O43 - CFD: 2013-12-12 - 13:55:53 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\6192
O43 - CFD: 2013-12-11 - 15:52:40 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\8158
O43 - CFD: 2013-12-12 - 14:11:26 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\9239
O43 - CFD: 2013-12-12 - 14:14:33 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\9850
O43 - CFD: 2013-04-26 - 11:31:59 - [] ----D C:\Users\Utilisateur\AppData\Roaming\BD2A2F2D-E282-485F-90C6-F81819043CAC
O43 - CFD: 2014-02-05 - 14:48:48 - [] ----D C:\Users\Utilisateur\AppData\Roaming\com.inm.fusion.PixtorioViewer
O43 - CFD: 2014-02-05 - 14:48:48 - [] ----D C:\Users\Utilisateur\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
O43 - CFD: 2013-08-26 - 15:30:22 - [0] ----D C:\Users\Utilisateur\AppData\Local\Conduit
O43 - CFD: 2014-01-02 - 15:34:19 - [] ----D C:\Users\Utilisateur\AppData\Local\Le collectionneur de recettes
O43 - CFD: 2013-12-09 - 16:38:18 - [] ----D C:\Users\Utilisateur\AppData\Local\WhiteListing
O43 - CFD: 2012-03-19 - 17:00:52 - [] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coverXP
O43 - CFD: 2012-02-09 - 11:32:52 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mes Jeux
O43 - CFD: 2014-01-18 - 11:16:18 - [] ----D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilitaire
~ 6 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 323 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro35.sys . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys
~ CSB: 14 Legitimates Filtered in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{10d67948-8c62-11e1-aa48-782bcbaac6a8}\AutoRun\command. (...) -- K:\Setup.exe (.not file.)
O51 - MPSK:{a54e2e40-7b2b-11e1-b007-806e6f6e6963}\AutoRun\command. (...) -- I:\AutoRunMorrowind.exe (.not file.)
~ Keys: Scanned in 00mn 03s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (...) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (.not file.) =>.Hewlett-Packard Co
O53 - SMSR:HKLM\...\startupreg\Uniblue SpeedUpMyPC [Key] . (...) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe (.not file.) =>PUP.SpeedUpMyPC
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Program Files (x86)\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 21 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 2012-08-28 - 12:45:40 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009-07-13 - 20:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009-06-10 - 15:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.63C0BE20A6DB9824951E5C2D4116503C] - 2011-11-17 - 18:19:32 ---A- . (.Pas de propriétaire - Hitman Pro 3.5 Support Driver.) -- C:\Windows\System32\Drivers\hitmanpro35.sys [23112]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 2009-06-10 - 15:37:19 ---A- . (...) -- C:\Windows\System32\Drivers\secdrv.sys [23040]
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 2012-08-28 - 12:18:18 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009-07-13 - 20:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.20A4A4513E50F84B662E106EB27F5AEB] - 2010-05-27 - 01:54:00 ---A- . (.silex technology, Inc. - SXUPTP Driver.) -- C:\Windows\System32\Drivers\sxuptp.sys [291336]
O58 - SDL:[MD5.91BC8C886ED6DE9AC8598E7F464A2A9B] - 2011-12-12 - 18:42:59 ---A- . (...) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS [20128]
~ Drivers: 19 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://isearch.babylon.com =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {55604068-B123-43F6-AD1D-3CED2421838F} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {77E4C0F3-4BF9-4FDB-BD80-9E72F0692FAB} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {7BFC52FC-6D49-4B06-BBED-AE118F8454FF} - (Somoto V.1 Customized Web Search) - http://search.conduit.com =>Adware.MegaSearch
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (Privitize VPN) - http://searchou.com =>Hijacker.PrivitizeVPN
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.8BE247DC8D170AF31BC80147D53685A4] [SPRF][2012-09-28] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][2011-08-21] (...) -- C:\Users\Utilisateur\AppData\Roaming\inst.exe [99384]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "89F2A2465FB44484694198D9BD0A0CA1" . (.ePUBee DRM Removal.) -- C:\Windows\Installer\{642A2F98-4BF5-4844-9614-899DDBA0C01A}\_853F67D554F05449430E7E.exe
~ Update Products: 197 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.CAC92727C33BEC0A79965C61BBB1C82F] [WIS][2011-07-19] (.Igor Pavlov - 7-Zip (x64 edition) Package.) -- C:\Windows\Installer\1e8098e.msi [1376768]
~ WIS: 200 Legitimates Filtered in 00mn 22s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASAPI32 =>PUP.Manager
HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerApp_RASMANCS =>PUP.Manager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileCure_RASAPI32 =>PUP.FileCure
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FileCure_RASMANCS =>PUP.FileCure
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\googletoolbarinstaller_en64_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\googletoolbarinstaller_en64_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_B6E98F0202354167_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_B6E98F0202354167_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32 =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS =>Adware.Bloson
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJ_V16ToolbarHelper_RASAPI32 =>Toolbar.MixiDJ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJ_V16ToolbarHelper_RASMANCS =>Toolbar.MixiDJ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_1_RASAPI32 =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_1_RASMANCS =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_RASAPI32 =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivitizeVPN_RASMANCS =>Hijacker.PrivitizeVPN
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tiger savings-bg_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tiger savings-bg_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tiger Savings_RASAPI32 =>PUP.SpecialSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Tiger Savings_RASMANCS =>PUP.SpecialSavings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent programe_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent programe_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 474 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{D9311D3D-7761-A389-C110-87BFC4FA3AE4}] (YoutubeAdblocker) =>PUP.Multiplug
~ BCK: 4845 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014-04-13 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2011-06-24 1045256 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 2011-07-03 13160 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
SS - | Auto 2012-09-14 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-09-14 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-09-14 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 1658-07-10 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 2007-01-05 774144 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 2006-12-23 262144 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 2010-11-25 1116656 | (RoxMediaDB12OEM) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
SS - | Auto 2010-11-25 219632 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
SS - | Auto 2013-03-01 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2010-11-08 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

SR - | Auto 2012-09-07 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 2013-02-15 1144496 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SR - | Auto 2013-12-21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2013-04-26 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SR - | Auto 2013-12-06 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2013-10-12 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
SR - | Auto 2010-05-27 49152 | (D-Link SharePort Helper) . (...) - C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
SR - | Auto 2013-11-21 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2007-12-05 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 2013-07-18 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 2013-10-18 16000 | (Seagate Dashboard Services) . (.Seagate Technology LLC.) - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
SR - | Auto 2010-08-20 689472 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 2013-03-20 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SR - | Auto 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 04s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 2012-08-28 - 12:18:18 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (2014-04-19)
Clés trouvées (Keys found) : 35
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 19

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Uniblue SpeedUpMyPC] =>PUP.SpeedUpMyPC^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.µTorrent^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKCU\Software\StartSearch] =>Hijacker.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\I Want This_RASAPI32] =>Adware.GamePlayLabs
[HKLM\Software\Wow6432Node\Microsoft\Tracing\I Want This_RASMANCS] =>Adware.GamePlayLabs
[HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files (x86)\MagniPic =>Adware.MagniPic^
C:\Program Files (x86)\suruf and keep =>Adware.SurfAndKeep^
C:\Program Files (x86)\TornTV.com =>Hijacker.TornTV^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\DSearchLink =>Toolbar.DeltaSearch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\MaagniPico =>Adware.MagniPic^
C:\ProgramData\suruf and keep =>Adware.SurfAndKeep^
C:\Program Files (x86)\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\Utilisateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rs0jgsaa.default\Extensions\ffxtlbr@babylon.com =>PUP.Babylon
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\WEDLMNGR] =>PUP.weDownloadManager^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Paretologic] =>PUP.Paretologic^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{D9311D3D-7761-A389-C110-87BFC4FA3AE4}] (YoutubeAdblocker) =>PUP.Multiplug^
C:\Users\Utilisateur\AppData\Local\Temp\nsm4D5C.exe =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\Temp\nsr47FD.exe =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\Temp\nsu941A.exe =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\Temp\nsw594C.exe =>Toolbar.Conduit
C:\Users\Utilisateur\AppData\Local\Temp\nsw741E.exe =>Toolbar.Conduit
~ Additionnel Scan: 341541 Items scanned in 00mn 14s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch =>PUP.StartSearch
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/32930303-pup-wedownloadmanager =>PUP.weDownloadManager
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.Mocaflix
http://nicolascoolman.webs.com/apps/blog/show/26632189-adware-magnipic =>Adware.MagniPic
http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/27068497-hijacker-privitizevpn =>Hijacker.PrivitizeVPN
http://nicolascoolman.webs.com/apps/blog/show/34213529-pup-manager =>PUP.Manager
http://nicolascoolman.webs.com/apps/blog/show/32755958-adware-bloson =>Adware.Bloson
http://nicolascoolman.webs.com/apps/blog/show/28493995-pup-filecure =>PUP.FileCure
http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings =>PUP.SpecialSavings
http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.webs.com/apps/blog/show/26630283-pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ MSI: 27 link(s) detected in 00mn 00s



~ 1488 Legitimates filtered by white list
End of the scan (691 lines in 01mn 57s)(0)
