~ Rapport de ZHPDiag v2014.5.11.60 - Nicolas Coolman (11-5-2014)
~ Lancé par younes (11-5-2014 22:35:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Blog d'analyse software : http://nicolascoolman.byethost7.com/wordpress/
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16384
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Norton Internet Security v20.4.0.40
Windows Defender W8

---\\ Logiciels d'optimisation du système
RegCure Pro v3.2.1.0 =>Rogue.RegCurePro

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3912 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 298 GB (66%) free of 446 GB

---\\ Mode de connexion au système
~ Computer Name: HORYOU
~ User Name: younes
~ All Users Names: younes, HomeGroupUser$, Gast, Administrator,
~ Unselected Option: O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\younes\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\younes\AppData\Roaming\
~ %Desktop% : C:\Users\younes\Desktop\
~ %Favorites% : C:\Users\younes\Favorites\
~ %LocalAppData% : C:\Users\younes\AppData\Local\
~ %StartMenu% : C:\Users\younes\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 298 Go of 446 Go)
D: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.928791755FDDEA721B053535EF84FA17] - (.Microsoft Corporation - Windows Verkenner.) (.26-7-2012 - 05:49:13.) -- C:\Windows\Explorer.exe [2380440]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.26-7-2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.3DA7E6053DB9BE3EADC70CE20B1FB92B] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.26-7-2012 - 04:07:56.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.93AB226C07A9789B2EC7B41F73602F76] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.26-7-2012 - 04:08:50.) -- C:\Windows\System32\Winlogon.exe [516608]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.26-7-2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.9E975BDC89C83900B2C534C4E1B018F8] - (.Microsoft Corporation - Ondersteunend functiestuurprogramma van WinSock.) (.26-7-2012 - 06:26:47.) -- C:\Windows\system32\Drivers\AFD.sys [561152]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26-7-2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26-7-2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26-7-2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26-7-2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.8D6810577E9C4F56DCB8E9BACAC7287B] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.26-7-2012 - 03:27:36.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.26-7-2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26-7-2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.1EEAA5A62E8C49DDF58798F06F78BFFA] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26-7-2012 - 03:23:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [368128]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26-7-2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.4A7EEA9C4AD5CBFDA3C0E5B821C99CAD] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.26-7-2012 - 06:26:46.) -- C:\Windows\system32\Drivers\ntfs.sys [1934064]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.26-7-2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26-7-2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP-apparaatredirector.) (.26-7-2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26-7-2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.26-7-2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/7
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 2/886
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.EB11CD296594C6FDE57C9407F239BFBC] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [781088] [PID.2868]
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.2020]
[MD5.723DB99F24FBDCC8DE746D5689B20E79] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe [1266520] [PID.3568] =>P2P.BitTorrent
[MD5.EDBBDEBE0FDF577A647216C452773A90] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2288928] [PID.3316]
[MD5.F5ED26AB8BDD951BFAC8BBD0D68BA3E9] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992] [PID.3756]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\younes\AppData\Local\Akamai\netsession_win.exe [4672920] [PID.3152]
[MD5.A0251ED3ABBA7ACC84416738C8282ACA] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.3728]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3980]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1064]
[MD5.17D9622BFE68386E8C647C4C7F8FEA3E] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992] [PID.4300]
[MD5.0C2F9B66D80EE02A51D0CB15E2F61864] - (.Pas de propriétaire - Real-time Protector.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe [1214240] [PID.5608]
[MD5.1BF9D6476061B31CD7FC2BF848529A56] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368] [PID.5964]
[MD5.2AA1A680119A0F3528BB5F16C176F4F4] - (.IObit - Driver Booster.) -- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [3775808] [PID.2768]
[MD5.20334A7FA17A850ABEB5BB0C131D81A6] - (...) -- C:\Program Files (x86)\TOP TV\rtmpgw.exe [196096] [PID.5788]
[MD5.D07C1C698247639A15A5C8EED4D63A56] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [4469536] [PID.8328]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874048] [PID.9404]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://istart.webssearches.com =>Hijacker.WebsSearches
G0 - GCSP: Preference [User Data\Default][HomePage] http://istart.webssearches.com =>Hijacker.WebsSearches
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Winkel v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [hbcennhacfaagdopikcegfcobcadeocj] Ebay Shopping Assistant by Spigot v.1.1 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [icdlfehblmklkikfigmjhbmmpmkmpooj] Domain Error Assistant v.1.4 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [majjphhgppkndjjkmhhnbgafooenebhd] MediaPlayerplus v.1.26.30, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [mhkaekfpcppmmioggniknbnbdbcigpkk] Slick Savings v.2.5 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Activé) =>PUP.QuickStart
G2 - GCE: Preference [User Data\Default] [pfndaklgolladniicklehhancnlgocpp] Amazon Shopping Assistant by Spigot v.1.0 (Désactivé) =>PUP.Dealio

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 23 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [younes - p2krjf3y.default] http://istart.webssearches.com =>Hijacker.WebsSearches
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>Hijacker.WebsSearches
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 74.208.10.249 gs.apple.com
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: Linkey [64Bits] - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} Clé orpheline =>PUP.LinkeySearch
O2 - BHO: Ads Removal [64Bits] - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} . (.Adblock - Helps you remove browser ads!.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
~ BHO: 19 Legitimates Filtered in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Desktop [Public]: Koop online.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\QuickLaunch [younes]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\QuickLaunch [younes]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\QuickLaunch [younes]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [younes]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\TaskBar [younes]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\TaskBar [younes]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [younes]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [younes]: RegCure Pro (2).lnk . (.ParetoLogic, Inc. - RegCure Pro.) -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe =>Rogue.RegCurePro
O4 - GS\Program [younes]: RegCure Pro.lnk . (.ParetoLogic, Inc. - RegCure Pro.) -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe =>Rogue.RegCurePro
O4 - GS\Desktop [younes]: Internet Explore.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Desktop [younes]: RegCure Pro.lnk . (.ParetoLogic, Inc. - RegCure Pro.) -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe =>Rogue.RegCurePro
O4 - GS\Desktop [younes]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 16 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\younes\AppData\Local\Akamai\netsession_win.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [ConnectionCenter] . (.Citrix Systems, Inc. - Citrix Connection Center.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
O4 - HKLM\..\Wow6432Node\Run: [Redirector] . (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
O4 - HKUS\S-1-5-21-4162842590-1913850771-2871728830-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4162842590-1913850771-2871728830-1001\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-4162842590-1913850771-2871728830-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-4162842590-1913850771-2871728830-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\younes\AppData\Local\Akamai\netsession_win.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{519871D1-846D-45C7-8427-18545844B4BB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{519871D1-846D-45C7-8427-18545844B4BB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
~ Services: 21 Legitimates Filtered in 00mn 09s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-1] (...) -- C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-2] (...) -- C:\Program Files (x86)\MediaPlayerplus\621fa3bd-d121-43bf-b9d9-362ccc506d29-2.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-3] (...) -- C:\Program Files (x86)\MediaPlayerplus\621fa3bd-d121-43bf-b9d9-362ccc506d29-3.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-4] (...) -- C:\Program Files (x86)\MediaPlayerplus\621fa3bd-d121-43bf-b9d9-362ccc506d29-4.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-5] (...) -- C:\Program Files (x86)\MediaPlayerplus\621fa3bd-d121-43bf-b9d9-362ccc506d29-5.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-6] (...) -- C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-novainstaller.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [621fa3bd-d121-43bf-b9d9-362ccc506d29-7] (...) -- C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-nova.exe (.not file.) [0] =>PUP.CrossRider
[MD5.3737749605D5F051275B03B3B4836869] [APT] [ParetoLogic Update Version3] (...) -- C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [1987184] =>PUP.Paretologic
[MD5.3737749605D5F051275B03B3B4836869] [APT] [ParetoLogic Update Version3 Startup Task] (...) -- C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [1987184] =>PUP.Paretologic
[MD5.00000000000000000000000000000000] [APT] [pricemetertask] (...) -- C:\Users\younes\AppData\Local\PriceMeter\TEMP\pricemeter.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [pricemeterwatcher] (...) -- C:\Users\younes\AppData\Local\PriceMeter\pricemeterw.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Popup] (...) -- C:\Program Files (x86)\Registry Dr\Splash.exe (.not file.) [0] =>Adware.RegistryDr
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Start] (...) -- C:\Program Files (x86)\Registry Dr\RegistryDr.exe (.not file.) [0] =>Adware.RegistryDr
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-1 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-1.job [1470] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-1 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-1 [1470] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-2 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-2.job [1442] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-2 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-2 [1442] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-3 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-3.job [3814] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-3 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-3 [3814] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-4 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-4.job [2202] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-4 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-4 [2202] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-5 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-5.job [1556] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-5 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-5 [1556] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-6 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-6.job [1472] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-6 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-6 [1472] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-7 - (...) -- C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-7.job [1408] =>PUP.CrossRider
O39 - APT: 621fa3bd-d121-43bf-b9d9-362ccc506d29-7 - (...) -- C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-7 [1408] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [940]
O39 - APT: - (..) -- C:\Windows\Tasks\ASC7_SkipUac_younes.job [258]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASC7_SkipUac_younes [258]
O39 - APT: - (..) -- C:\Windows\Tasks\Driver Booster SkipUAC (younes).job [264]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Driver Booster SkipUAC (younes) [264]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\ParetoLogic Registration3.job [484] =>PUP.Paretologic
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ParetoLogic Registration3 [484] =>PUP.Paretologic
O39 - APT: ParetoLogic Update Version3 Startup Task - (...) -- C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job [510] =>PUP.Paretologic
O39 - APT: ParetoLogic Update Version3 Startup Task - (...) -- C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task [510] =>PUP.Paretologic
O39 - APT: ParetoLogic Update Version3 - (...) -- C:\Windows\Tasks\ParetoLogic Update Version3.job [458] =>PUP.Paretologic
O39 - APT: ParetoLogic Update Version3 - (...) -- C:\Windows\System32\Tasks\ParetoLogic Update Version3 [458] =>PUP.Paretologic
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RegCure Pro Startup [476] =>Rogue.RegCurePro
O39 - APT: APT: - (..) -- C:\Windows\System32\System32\Tasks\RegCure Pro Startup [476] - (..) -- C:\Windows\System32\Tasks\RegCure Pro [426] =>Rogue.RegCurePro
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job [294]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator [294]
~ Scheduled Task: 58 Legitimates Filtered in 00mn 06s



---\\ Logiciels installés (O42)
O42 - Logiciel: RegCure Pro - (.ParetoLogic, Inc..) [HKLM][64Bits] -- {C547F361-5750-4CD1-9FB6-BC93827CB6C1} =>Rogue.RegCurePro
O42 - Logiciel: TOP TV version 1.0.2 - (.TOP TV.) [HKLM][64Bits] -- {A1C950FA-E7FB-40E0-8746-6248ABD1B19D}_is1
~ Logic: 13 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\RegistryDrLanguage] =>Adware.RegistryDr
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SystemK] =>PUP.SystemK
[HKCU\Software\dz_01]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Linkey] =>PUP.LinkeySearch
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 251 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 9-5-2014 - 19:35:54 - [] ----D C:\Program Files (x86)\ParetoLogic =>PUP.Paretologic
O43 - CFD: 15-4-2014 - 15:08:30 - [] ----D C:\Program Files (x86)\Settings Manager =>PUP.SystemK
O43 - CFD: 9-5-2014 - 21:13:12 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 11-5-2014 - 19:37:27 - [] ----D C:\Program Files (x86)\TOP TV
O43 - CFD: 9-5-2014 - 19:35:57 - [] ----D C:\Program Files (x86)\Common Files\ParetoLogic =>PUP.Paretologic
O43 - CFD: 17-4-2014 - 18:15:39 - [] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio
O43 - CFD: 9-5-2014 - 21:35:32 - [] ----D C:\ProgramData\374311380
O43 - CFD: 5-9-2012 - 16:57:57 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 9-5-2014 - 21:13:11 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 9-5-2014 - 19:35:57 - [] ----D C:\ProgramData\ParetoLogic =>PUP.Paretologic
O43 - CFD: 4-5-2014 - 22:14:15 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 11-5-2014 - 22:27:16 - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 17-4-2014 - 23:33:00 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 17-4-2014 - 10:56:48 - [] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 17-4-2014 - 10:56:47 - [] ----D C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
O43 - CFD: 9-5-2014 - 19:47:24 - [] --H-D C:\Users\younes\AppData\Roaming\02E60000
O43 - CFD: 9-5-2014 - 19:47:24 - [] --H-D C:\Users\younes\AppData\Roaming\02F20000
O43 - CFD: 27-4-2014 - 16:28:15 - [] ----D C:\Users\younes\AppData\Roaming\InfoServ
O43 - CFD: 15-4-2014 - 13:46:37 - [] ----D C:\Users\younes\AppData\Roaming\install
O43 - CFD: 14-4-2014 - 20:48:26 - [] ----D C:\Users\younes\AppData\Roaming\lm
O43 - CFD: 27-4-2014 - 16:28:51 - [0] ----D C:\Users\younes\AppData\Roaming\NFI-DC
O43 - CFD: 27-4-2014 - 16:28:11 - [0] ----D C:\Users\younes\AppData\Roaming\OptiFlasher
O43 - CFD: 9-5-2014 - 19:22:42 - [] ----D C:\Users\younes\AppData\Roaming\ParetoLogic =>PUP.Paretologic
O43 - CFD: 15-4-2014 - 15:04:40 - [] ----D C:\Users\younes\AppData\Roaming\ProductData
O43 - CFD: 7-5-2014 - 14:52:13 - [0] ----D C:\Users\younes\AppData\Roaming\Seas0nPass
O43 - CFD: 15-4-2014 - 14:55:40 - [] ----D C:\Users\younes\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 15-4-2014 - 15:01:30 - [] ----D C:\Users\younes\AppData\Local\RegistryDR =>Adware.RegistryDr
O43 - CFD: 17-4-2014 - 10:56:11 - [] ----D C:\Users\younes\AppData\Local\Slick Savings =>PUP.Dealio
O43 - CFD: 9-5-2014 - 19:36:02 - [] ----D C:\Users\younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic =>PUP.Paretologic
~ Program Folder: 173 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9F58722136654066728ECD28632DBC33] - 27-4-2014 - 15:56:05 ---A- . (.Silicon Laboratories - Silicon Labs CP210x USB to UART Bridge Driv.) -- C:\Windows\System32\Drivers\silabser.sys [70344]
O44 - LFC:[MD5.7799106FEE728B907A86D9C9751E02D5] - 27-4-2014 - 15:56:05 ---A- . (.Silicon Laboratories - Silicon Labs VCP Serial Enumerator.) -- C:\Windows\System32\Drivers\silabenm.sys [27336]
O44 - LFC:[MD5.72AA643C526DDB882B7DA9394947DF16] - 27-4-2014 - 16:22:44 ---A- . (...) -- C:\Windows\System32\termcap [862]
O44 - LFC:[MD5.8A7F6A9C33AE80DF1D639F3674D826BB] - 8-5-2014 - 18:10:21 ---A- . (...) -- C:\Windows\System32\Settings.ini [567]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8-5-2014 - 23:33:04 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.EF255A7B70D4884B80B8D727B74F3E83] - 9-5-2014 - 11:54:06 ---A- . (.PDF Complete, Inc. - PDF Complete Print Monitor.) -- C:\Windows\System32\pdfc_port.dll [19464]
O44 - LFC:[MD5.919DAC5548D2000BFE3E43C0F74CE669] - 9-5-2014 - 15:06:26 ---A- . (...) -- C:\Windows\win.ini [167]
~ Files: 22 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.9D162C51E0276CFE0BCADBE7F6D3AD3A] - 27-4-2014 - 18:51:59 ---A- - C:\Windows\Prefetch\BETTERINSTALLER.EXE-99B33116.pf =>Adware.MegaSearch
O45 - LFCP:[MD5.6CF6013EE2419A243DED37D2A4C96B01] - 9-5-2014 - 20:05:47 ---A- - C:\Windows\Prefetch\FORTUNITASSETUP.EXE-802F01AA.pf =>PUP.Fortunitas
O45 - LFCP:[MD5.8522112828C51E3FF6219AF14E5766C9] - 9-5-2014 - 20:13:06 ---A- - C:\Windows\Prefetch\FORTUNITASUNINSTALL.EXE-D8AB80AB.pf =>PUP.Fortunitas
O45 - LFCP:[MD5.66B1283C2D1252DA71C995DDD3BE8F61] - 9-5-2014 - 20:08:30 ---A- - C:\Windows\Prefetch\FORTUNITAS_SETUP.EXE-5BBB0104.pf =>PUP.Fortunitas
O45 - LFCP:[MD5.43135AB28B4AF1611FA216B9FC5813E4] - 9-5-2014 - 20:05:44 ---A- - C:\Windows\Prefetch\LLY_WEBSSEARCHES.EXE .EXE-FE9474ED.pf =>Hijacker.WebsSearches
O45 - LFCP:[MD5.A06307754742246F0F8BAC743A9063D4] - 9-5-2014 - 20:09:23 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS-BG.EXE-EA87D0B3.pf =>PUP.CrossRider
O45 - LFCP:[MD5.6A9E706737B499EF13849F73061AC886] - 9-5-2014 - 20:09:13 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS-CODEDOWNLOADE-DD2EDCB8.pf =>PUP.CrossRider
O45 - LFCP:[MD5.117A5E86AB286D7E59CB03506933BB22] - 9-5-2014 - 20:08:16 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS-NOVAINSTALLER-9DE9E138.pf =>PUP.CrossRider
O45 - LFCP:[MD5.DAEF2CA8587CB62C17CA7312B333FE86] - 9-5-2014 - 20:06:39 ---A- - C:\Windows\Prefetch\MEDIAPLAYERPLUS.EXE-B8F8D1E7.pf =>PUP.CrossRider
O45 - LFCP:[MD5.8C3657AEAE2F311F61203C6D5FF6696E] - 9-5-2014 - 20:07:39 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-D2D9F9B9.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.8F064CEF56B887D9A0D2311FCD75FE8E] - 9-5-2014 - 20:06:33 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-5174899E.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.0D5F2FC18573ECF29942DC7661F57A0C] - 9-5-2014 - 20:07:56 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-FA03D2EB.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.D7B3DE2769223884D3D099BE040D7A77] - 9-5-2014 - 20:07:44 ---A- - C:\Windows\Prefetch\OPTPROSTART.EXE-65F7E6B1.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.47A822C9C0C2CCED9C1DA4C381D961C2] - 9-5-2014 - 18:36:02 ---A- - C:\Windows\Prefetch\REGCUREPRO.EXE-0077E5B8.pf =>Rogue.RegCure
O45 - LFCP:[MD5.9462CDADF972BFC053331F301347EFAE] - 9-5-2014 - 18:35:29 ---A- - C:\Windows\Prefetch\REGCUREPROSETUP.EXE-F2E474FE.pf =>Rogue.RegCure
O45 - LFCP:[MD5.A9606FCAF3C9FC450DDDE68B711C9F02] - 9-5-2014 - 17:44:06 ---A- - C:\Windows\Prefetch\REGCUREPROSETUP.EXE-F89BCEA0.pf =>Rogue.RegCure
O45 - LFCP:[MD5.834A1C7ACF469EE9D1D8F2D9251D6B0A] - 9-5-2014 - 20:14:03 ---A- - C:\Windows\Prefetch\SIGNUP WIZARD.EXE-9554BD21.pf =>PUP.JDIBackup
O45 - LFCP:[MD5.3CE21CF5297D2F5D409286B668BC42E9] - 15-4-2014 - 14:03:54 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_VOOR_IOBIT-06B83901.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.417FEA29DA39017418E035305E952024] - 7-5-2014 - 14:02:47 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_VOOR_PUTTY-39E6FF5B.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.EB8626093BBA36FCAAB494DD464A7BBC] - 9-5-2014 - 20:13:12 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-64C891B3.pf =>Trojan.SProtector
O45 - LFCP:[MD5.D0F1A88D4D0211E5BFAAD4A24F4BF705] - 9-5-2014 - 20:13:11 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-B9170D39.pf =>PUP.SupTab
O45 - LFCP:[MD5.2BB569133A9275781DA5DD6CAE806492] - 9-5-2014 - 19:56:17 ---A- - C:\Windows\Prefetch\SYSTEMKU.EXE-2CB37E34.pf =>PUP.SystemK
O45 - LFCP:[MD5.4A6EA8B714A21F97F18854526FFF1065] - 8-5-2014 - 23:37:20 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-7D66811C.pf =>P2P.µTorrent
O45 - LFCP:[MD5.67BA6DA2BB0326AEDD299FECE6C81AFB] - 9-5-2014 - 20:06:16 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-51D46CFF.pf =>Adware.Downware
O45 - LFCP:[MD5.8198917E9502DEAE96C26BCD5466A87D] - 9-5-2014 - 12:04:44 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-7587DB88.pf =>PUP.Wajam
O45 - LFCP:[MD5.C4EACA329F556BCD21F4772E7D26118E] - 9-5-2014 - 20:12:58 ---A- - C:\Windows\Prefetch\WPM.EXE-6A0FF232.pf =>PUP.WpManager
~ Prefetcher: 26 Legitimates Filtered in 00mn 01s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:28-11-2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [175480]
O58 - SDL:14-6-2010 - 10:19:46 ---A- . (.Silicon Laboratories - Silicon Labs VCP Serial Enumerator.) -- C:\Windows\System32\Drivers\silabenm.sys [27336]
O58 - SDL:14-6-2010 - 10:19:46 ---A- . (.Silicon Laboratories - Silicon Labs CP210x USB to UART Bridge Driver.) -- C:\Windows\System32\Drivers\silabser.sys [70344]
O58 - SDL:23-1-2014 - 04:21:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:23-1-2014 - 04:21:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:23-1-2014 - 04:21:06 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [206080]
O58 - SDL:26-7-2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22-8-2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
~ Drivers: 52 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [younes - p2krjf3y.default] user_pref("extensions.crossrider.bic", "145e292989158368a301f97f20ed1b7c"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (webssearches) - http://istart.webssearches.com =>Hijacker.WebsSearches
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.SearchNet
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\younes\Downloads\Keygen.rar =>.Crack,Keygen
~ Files: Scanned in 00mn 27s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CF43D0F929AE3335692D014F4DF05E6D] [SPRF][15-4-2014] (...) -- C:\Users\younes\AppData\Roaming\younes-wchelper.dll [154283]
[MD5.B1D3B82AD49748FFB5D0EA3F4FCC2EA1] [SPRF][3-7-2013] (.FireCore, LLC - Version 2.3.) -- C:\Users\younes\Desktop\aTV Flash (black).exe [11129344]
[MD5.AAF1632D20AC156CEEAEDF234835201D] [SPRF][1-3-2013] (.Pas de propriétaire - Crystalbuntu Installer.) -- C:\Users\younes\Desktop\crystalbuntu-win.exe [27648]
[MD5.59C4082648A09EFFE44E8CA139C1E50E] [SPRF][27-4-2014] (.Dream Multimedia TV - Pas de description.) -- C:\Users\younes\Desktop\DreamUP_1_3_3_9.exe [926720]
[MD5.809BBBD0D5F956D2C03041D76993DEE6] [SPRF][8-8-2011] (.Ferrari Team - Pas de description.) -- C:\Users\younes\Desktop\FerrariFiller_1_3_3_7FSE.exe [2557952]
[MD5.41948B9B4DAFB65506DD3955B4CE1B1D] [SPRF][26-11-2013] (.Pas de propriétaire - Microsoft Toolkit.) -- C:\Users\younes\Desktop\Microsoft Toolkit.exe [36787712]
[MD5.D245A1ED1F21DB4892DFE86AF501A55C] [SPRF][9-5-2014] (.ParetoLogic, Inc. - RegCure Pro Installer.) -- C:\Users\younes\Desktop\RegCureProSetup.exe [5938328] =>Rogue.RegCurePro
~ Files: 9 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{2BBC7686-0EBF-4758-A5CD-7AA4E8EDD3E8}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{12C9FE55-7927-4A64-8C21-B04BB42C9503}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\RegistryDr_RASAPI32 =>Adware.RegistryDr
HKLM\SOFTWARE\Microsoft\Tracing\RegistryDr_RASMANCS =>Adware.RegistryDr
~ BTK: 43 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module) =>PUP.SystemK
~ BCK: 5395 Legitimates Filtered in 00mn 12s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28-4-2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17-4-2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 31-7-2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SS - | Auto 27-4-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27-4-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 8-4-2014 2152768 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 15-3-2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23-10-2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 14-1-2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 12-2-2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30-8-2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21-8-2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 1-8-2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SR - | System 28-4-2014 36240 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Aztec Media Inc.) - C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg =>PUP.SystemK
SR - | Auto 13-7-2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 11-4-2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 24-1-2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 20-4-2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 21-2-2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17-7-2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17-7-2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 26-11-2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 21-5-2013 144368 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
SR - | Auto 11-7-2012 3939008 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SR - | Auto 14-10-2009 635416 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 5-9-2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SR - | Auto 28-4-2014 3543056 | (SystemkService) . (.Aztec Media Inc.) - C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe =>PUP.SystemK
SR - | Auto 17-7-2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10-7-1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10-7-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 26-7-2012 30208 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by younes at 11-5-2014 22:37:08
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by younes at 11-5-2014 22:37:10
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (11-5-2014)
Clés trouvées (Keys found) : 42
Valeurs trouvées (Values found) : 16
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 37

[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\majjphhgppkndjjkmhhnbgafooenebhd] =>PUP.CrossRider^
[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] =>PUP.LinkeySearch^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}] =>Rogue.RegCurePro^
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}] =>Rogue.RegCurePro
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CrossriderApp0054246.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0054246.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522422246}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054246.BHO] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0054246.Sandbox] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj =>PUP.Dealio^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd =>PUP.CrossRider^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Users\younes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio^
C:\Program Files (x86)\ParetoLogic =>PUP.Paretologic^
C:\Program Files (x86)\Settings Manager =>PUP.SystemK^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\Program Files (x86)\Common Files\ParetoLogic =>PUP.Paretologic^
C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\ParetoLogic =>PUP.Paretologic^
C:\ProgramData\systemk =>PUP.SystemK^
C:\Users\younes\AppData\Roaming\ParetoLogic =>PUP.Paretologic^
C:\Users\younes\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\younes\AppData\Local\RegistryDR =>Adware.RegistryDr^
C:\Users\younes\AppData\Local\Slick Savings =>PUP.Dealio^
C:\Users\younes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic =>PUP.Paretologic^
C:\Users\younes\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe =>PUP.Paretologic^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-1 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-2 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-3 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-4 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-5 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-6 =>PUP.CrossRider^
C:\Windows\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\621fa3bd-d121-43bf-b9d9-362ccc506d29-7 =>PUP.CrossRider^
C:\Windows\Tasks\ParetoLogic Registration3.job =>PUP.Paretologic^
C:\Windows\System32\Tasks\ParetoLogic Registration3 =>PUP.Paretologic^
C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job =>PUP.Paretologic^
C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task =>PUP.Paretologic^
C:\Windows\Tasks\ParetoLogic Update Version3.job =>PUP.Paretologic^
C:\Windows\System32\Tasks\ParetoLogic Update Version3 =>PUP.Paretologic^
C:\Windows\System32\Tasks\RegCure Pro Startup =>Rogue.RegCurePro^
C:\Windows\System32\System32\Tasks\RegCure Pro Startup Pro [426] =>Rogue.RegCurePro^
[HKCU\Software\RegistryDrLanguage] =>Adware.RegistryDr^
[HKCU\Software\SystemK] =>PUP.SystemK^
[HKLM\Software\Linkey] =>PUP.LinkeySearch^
[HKLM\Software\Wow6432Node\SystemK] =>PUP.SystemK^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\younes\Desktop\RegCureProSetup.exe =>Rogue.RegCurePro^
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module) =>PUP.SystemK^
C:\Windows\Tasks\RegCure Pro Startup.job =>Rogue.RegCurePro
C:\Windows\Tasks\RegCure Pro.job =>Rogue.RegCurePro
~ Additionnel Scan: 295581 Items scanned in 00mn 41s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.byethost7.com/wordpress/hijacker-webssearches/ =>Hijacker.WebsSearches
http://nicolascoolman.byethost7.com/wordpress/pup-dealio/ =>PUP.Dealio
http://nicolascoolman.byethost7.com/wordpress/pup-crossrider/ =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
http://nicolascoolman.byethost7.com/wordpress/pup-suptab/ =>PUP.SupTab
http://nicolascoolman.byethost7.com/wordpress/pup-linkeysearch/ =>PUP.LinkeySearch
http://nicolascoolman.byethost7.com/wordpress/trojan-sprotector/ =>Trojan.SProtector
http://nicolascoolman.byethost7.com/wordpress/pup-systemk/ =>PUP.SystemK
http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
http://nicolascoolman.byethost7.com/wordpress/pup-pricemeter/ =>PUP.PriceMeter
http://nicolascoolman.byethost7.com/wordpress/adware-installcore =>Adware.InstallCore
http://nicolascoolman.byethost7.com/wordpress/adware-vidsaver/ =>Adware.VidSaver
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
http://nicolascoolman.byethost7.com/wordpress/pup-wpmanager/ =>PUP.WpManager
http://nicolascoolman.byethost7.com/wordpress/adware-megasearch/ =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/41045904-pup-fortunitas =>PUP.Fortunitas
http://nicolascoolman.byethost7.com/wordpress/pup-mypcbackup/ =>PUP.MyPCBackup
http://nicolascoolman.byethost7.com/wordpress/pup-optimizerpro/ =>PUP.OptimizerPro
http://nicolascoolman.byethost7.com/wordpress/adware-downware/ =>Adware.Downware
http://nicolascoolman.byethost7.com/wordpress/pup-wajam/ =>PUP.Wajam
http://nicolascoolman.byethost7.com/wordpress/pup-bitguard/ =>PUP.BitGuard
http://nicolascoolman.byethost7.com/wordpress/hijacker-eazel/ =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
http://nicolascoolman.byethost7.com/wordpress/pup-jumpflip/ =>PUP.JumpFlip
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.byethost7.com/wordpress/adware-searchsettings/ =>Adware.SearchSettings
http://nicolascoolman.byethost7.com/wordpress/hijacker-smartbar/ =>Hijacker.SmartBar
http://nicolascoolman.byethost7.com/wordpress/adware-imbooster/ =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.byethost7.com/wordpress/pup-tubedimmer/ =>PUP.TubeDimmer
http://nicolascoolman.byethost7.com/wordpress/hijacker-searchnet/ =>Hijacker.SearchNet
http://nicolascoolman.byethost7.com/wordpress/pup-v9software =>PUP.V9Software
http://nicolascoolman.byethost7.com/wordpress/pup-whitesmoke/ =>PUP.Whitesmoke
http://nicolascoolman.byethost7.com/wordpress/pup-babylon/ =>PUP.Babylon
http://nicolascoolman.byethost7.com/wordpress/adware-bandoo/ =>Adware.Bandoo
~ MSI: 36 link(s) detected in 00mn 00s



~ 713 Legitimates filtered by white list
End of the scan (779 lines in 02mn 48s)(1)
