Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Lancé par utilisateur (14/07/2014 17:18:12)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : Q89JW
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Microsoft Security Client v4.4.0304.0
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Adobe Reader 9.5.5 - Français
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3000 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 90 GB (67%) free of 134 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-UTILISATE
~ User Name: utilisateur
~ All Users Names: utilisateur, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\utilisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\utilisateur\Desktop\
~ %Favorites% : C:\Users\utilisateur\Favorites\
~ %LocalAppData% : C:\Users\utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 90 Go of 134 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Explorateur Windows.) (.01/11/2013 - 18:18:52.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Application de démarrage de Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/10/2013 - 17:14:29.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 09:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.01/11/2013 - 18:19:28.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 09:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 09:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 09:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.01/11/2013 - 17:57:33.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Pilote de port i8042.) (.01/11/2013 - 18:14:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 09:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.01/11/2013 - 18:39:32.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 09:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.01/11/2013 - 18:31:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.88587DD843E2059848995B407B67F6CF] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.02/11/2006 - 09:58:13.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [75776]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 09:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 09:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/11/2013 - 18:19:27.) -- C:\Windows\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/67
~ Mes musiques (My Musics) : 1/720
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/761
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.952]
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] - (.Microsoft Corporation - Isolation graphique de périphérique audio W.) -- C:\Windows\system32\AUDIODG.exe [88064] [PID.1240]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1276]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1664]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.1388]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.1332]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2164]
[MD5.CAACAF063584D3BFDF94E3DE46239B28] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe [177384] [PID.2172]
[MD5.F7A23A45237DD0AB23B557A79B0D86D4] - (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe [226536] [PID.2236]
[MD5.68B7A5320065FCC7F4DF5A0DC3281EA5] - (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344] [PID.2480]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2500]
[MD5.DA5260341390D311F194DE631E22BCAA] - (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe [2801664] [PID.2648]
[MD5.F08D9F81ED9A632A3E52BBDD0B8AECE3] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600] [PID.3348]
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe [40960] [PID.3568]
[MD5.788BC2196086CC830442EC2D6D847666] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [247088] [PID.3588]
[MD5.AD4EC2140D66F0259EE018D2B759217A] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [464224] [PID.3716]
[MD5.66F39EB030F69731FD2731D83D6A3DBD] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe [1118208] [PID.3752]
[MD5.949A54971EF61E9D84B7C559B405A585] - (...) -- C:\Program Files\003\xmkysecqun32.exe [541696] [PID.644] =>PUP.AdPeak
[MD5.7EFAAD0EDFA32D9FE0CCAD24008FCAD9] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [189792] [PID.1684]
[MD5.823AC3317249424B514EC81D1A8F8908] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268832] [PID.3948]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.4008]
[MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [27136] [PID.2740]
[MD5.FDA72FF6093B5488B93967281EB52FE6] - (.Microsoft Corporation - Sauvegarde Microsoft® Windows.) -- C:\Windows\system32\sdclt.exe [1192960] [PID.2848]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2144]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4012]
[MD5.4D12C773CE660A002EBFE82602924C4B] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe [1869488] [PID.2332]
[MD5.8072CEDAEF0C606D364E24F6F75B1099] - (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\WerCon.exe [1137152] [PID.1060]
[MD5.2080DCEBE27D92F29AAB5FCFF77613A2] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\setup\instup.exe [198200] [PID.0]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071680] [PID.4180]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.4380]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://fr.yhs4.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} Clé orpheline
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [TVEService] . (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CloneCDTray] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) . (.Pas de propriétaire - CLSched Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: Update Jump Flip (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Util Jump Flip (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Wpm Service (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe (.not file.) =>PUP.WpManager
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: 12 Legitimates Filtered in 00mn 06s
---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files\Settings Manager\systemk\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\utilisateur\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [temp_Plus-HD-2.6-enabler] (...) -- C:\Users\utilisateur\AppData\Local\Temp\nsq14A.tmp\Plus-HD-2.6-enabler.exe (.not file.) [0] =>Adware.PlusHD
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AmiUpdXp.job [380] =>PUP.Software.Updater
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000Core [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000UA [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: SaveSense - (...) -- C:\Windows\Tasks\SaveSense.job [310] =>Hijacker.iHaveNet
O39 - APT: SaveSense - (...) -- C:\Windows\System32\Tasks\SaveSense [310] =>PUP.SaveSense
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (tStLib) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\tStLib.sys =>PUP.LinkiDoo
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM] -- Ares
O42 - Logiciel: Jump Flip - (.Jump Flip.) [HKLM] -- Jump Flip =>PUP.JumpFlip
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM] -- MediaWatchV1home4715 =>PUP.MediaWatch
O42 - Logiciel: ONconnect - (.Geonaute.) [HKLM] -- ONconnect_is1
~ Logic: 19 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Ares]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Jump Flip] =>PUP.JumpFlip
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\ONconnectService]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKCU\Software\SystemK] =>PUP.SystemK
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch
[HKLM\Software\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF]
[HKLM\Software\IePlugin]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\MediaWatchV1] =>PUP.MediaWatch
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\SystemK] =>PUP.SystemK
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 194 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/04/2014 - 20:00:55 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 15/12/2013 - 22:04:30 - [] ----D C:\Program Files\Ares
O43 - CFD: 03/11/2013 - 20:11:03 - [0] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 02/03/2014 - 19:54:38 - [] ----D C:\Program Files\Jump Flip =>PUP.JumpFlip
O43 - CFD: 23/03/2014 - 22:09:09 - [] ----D C:\Program Files\MediaWatchV1 =>PUP.MediaWatch
O43 - CFD: 09/02/2014 - 22:25:15 - [] ----D C:\Program Files\ONconnect
O43 - CFD: 23/12/2013 - 20:05:29 - [] ----D C:\Program Files\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 13/04/2014 - 16:58:40 - [] ----D C:\Program Files\Settings Manager =>PUP.SystemK
O43 - CFD: 01/06/2014 - 19:03:44 - [0] ----D C:\Program Files\SiteLookup
O43 - CFD: 13/04/2014 - 21:11:26 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 15/12/2013 - 22:04:31 - [] ----D C:\ProgramData\APN
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 08/06/2014 - 11:13:01 - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 13/04/2014 - 20:01:33 - [0] ----D C:\ProgramData\ZombieAlert
O43 - CFD: 02/03/2014 - 22:40:16 - [] ----D C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 09/02/2014 - 22:25:50 - [] ----D C:\Users\utilisateur\AppData\Roaming\Oxylane
O43 - CFD: 15/12/2013 - 22:05:38 - [] ----D C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 01/06/2014 - 19:03:33 - [0] ----D C:\Users\utilisateur\AppData\Roaming\SimilarSites
O43 - CFD: 19/01/2014 - 18:37:35 - [] ----D C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit
O43 - CFD: 13/04/2014 - 20:01:58 - [] ----D C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 13/04/2014 - 21:11:37 - [] ----D C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 01/11/2013 - 21:34:07 - [] ----D C:\Users\utilisateur\AppData\Local\Ares
O43 - CFD: 02/03/2014 - 22:40:17 - [0] ----D C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 02/02/2014 - 11:07:24 - [] ----D C:\Users\utilisateur\AppData\Local\Oxylane
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 27/04/2014 - 20:37:17 - [] ----D C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater
~ Program Folder: 138 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 20 Legitimates Filtered in 00mn 07s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:26/09/2012 - 15:55:34 ---A- . (.Thesycon GmbH, Germany - USBIO Driver.) -- C:\Windows\System32\Drivers\dsiarhwprog.sys [35256]
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiLib WDM Support Driver.) -- C:\Windows\System32\Drivers\SiLib.sys [17408]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiUSBXp.sys.) -- C:\Windows\System32\Drivers\SiUSBXp.sys [14592]
O58 - SDL:09/03/2014 - 19:31:29 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\tStLib.sys [55232] =>PUP.LinkiDoo
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 04s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/03/2014 - C:\Windows\System32\drivers\tStLib.sys (tStLib) .(.StdLib - StdLib.) - LEGACY_TSTLIB =>PUP.LinkiDoo
~ Legacy: 87 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} [DefaultScope] - (Yahoo! (Avast)) - http://fr.yhs4.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.79BBAAC753ABDA50DF19030265F7D1A6] [WIS][09/04/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\69edfc.msi [2473984] =>Adware.Boxore
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][13/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\6b39a9.msi [3162112] =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 13/04/2014 350496 | (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 06/07/2014 318752 | (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 06/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | System 18/05/2014 31120 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Aztec Media Inc.) - C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg =>PUP.SystemK
SR - | Auto 04/10/2013 1867600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 07/12/2009 40960 | (Realtek87B) . (.Realtek.) - C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
SR - | Auto 29/09/2009 247088 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 29/09/2009 464224 | (TVECapSvc) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
SR - | Auto 29/09/2009 189792 | (TVESched) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
SR - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/04/2014 541696 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: Scanned in 00mn 07s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by utilisateur at 14/07/2014 17:20:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 77
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 22
Fichiers trouvés (Files found) : 24
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip] =>PUP.JumpFlip^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Jump Flip] =>PUP.JumpFlip^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip] =>PUP.JumpFlip^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home4715] =>PUP.MediaWatch^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Program Files\Jump Flip =>PUP.JumpFlip^
C:\Program Files\MediaWatchV1 =>PUP.MediaWatch^
C:\Program Files\SaveSenseLive =>PUP.SaveSense^
C:\Program Files\Settings Manager =>PUP.SystemK^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\SaveSenseLive =>PUP.SaveSense^
C:\ProgramData\systemk =>PUP.SystemK^
C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense^
C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit^
C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive^
C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense^
C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Program Files\Software =>Adware.Boxore
C:\Program Files\Optimizer Pro =>PUP.OptimizerPro
C:\Users\utilisateur\AppData\Roaming\SimilarSites =>Adware.SimilarSites
C:\Users\utilisateur\AppData\Local\Software =>Adware.Boxore
C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\SaveSense =>PUP.SaveSense^
[HKCU\Software\Jump Flip] =>PUP.JumpFlip^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKCU\Software\SystemK] =>PUP.SystemK^
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\MediaWatchV1] =>PUP.MediaWatch^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\SystemK] =>PUP.SystemK^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\69edfc.msi =>Adware.Boxore^
C:\Windows\Installer\6b39a9.msi =>PUP.SupraSavings^
C:\Users\utilisateur\AppData\Local\Temp\IminentSetup-1-.exe =>Adware.IMBooster
C:\Users\utilisateur\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore
~ Additionnel Scan: 146285 Items scanned in 00mn 30s
---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-adpeak =>PUP.AdPeak
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/pup-savesense =>PUP.SaveSense
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 41 link(s) detected in 00mn 00s
~ 680 Legitimates filtered by white list
End of the scan (714 lines in 02mn 42s)(0)
~ Lancé par utilisateur (14/07/2014 17:18:12)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : Q89JW
Windows License : OK
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Microsoft Security Client v4.4.0304.0
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Adobe Reader 9.5.5 - Français
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3000 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 90 GB (67%) free of 134 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-UTILISATE
~ User Name: utilisateur
~ All Users Names: utilisateur, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\utilisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\utilisateur\Desktop\
~ %Favorites% : C:\Users\utilisateur\Favorites\
~ %LocalAppData% : C:\Users\utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 90 Go of 134 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Explorateur Windows.) (.01/11/2013 - 18:18:52.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Application de démarrage de Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/10/2013 - 17:14:29.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 09:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.01/11/2013 - 18:19:28.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 09:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 09:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 09:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.01/11/2013 - 17:57:33.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Pilote de port i8042.) (.01/11/2013 - 18:14:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 09:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.01/11/2013 - 18:39:32.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 09:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.01/11/2013 - 18:31:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.88587DD843E2059848995B407B67F6CF] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.02/11/2006 - 09:58:13.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [75776]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 09:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 09:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/11/2013 - 18:19:27.) -- C:\Windows\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/67
~ Mes musiques (My Musics) : 1/720
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/761
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.952]
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] - (.Microsoft Corporation - Isolation graphique de périphérique audio W.) -- C:\Windows\system32\AUDIODG.exe [88064] [PID.1240]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1276]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1664]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.1388]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.1332]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2164]
[MD5.CAACAF063584D3BFDF94E3DE46239B28] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe [177384] [PID.2172]
[MD5.F7A23A45237DD0AB23B557A79B0D86D4] - (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe [226536] [PID.2236]
[MD5.68B7A5320065FCC7F4DF5A0DC3281EA5] - (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344] [PID.2480]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2500]
[MD5.DA5260341390D311F194DE631E22BCAA] - (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe [2801664] [PID.2648]
[MD5.F08D9F81ED9A632A3E52BBDD0B8AECE3] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600] [PID.3348]
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe [40960] [PID.3568]
[MD5.788BC2196086CC830442EC2D6D847666] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [247088] [PID.3588]
[MD5.AD4EC2140D66F0259EE018D2B759217A] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [464224] [PID.3716]
[MD5.66F39EB030F69731FD2731D83D6A3DBD] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe [1118208] [PID.3752]
[MD5.949A54971EF61E9D84B7C559B405A585] - (...) -- C:\Program Files\003\xmkysecqun32.exe [541696] [PID.644] =>PUP.AdPeak
[MD5.7EFAAD0EDFA32D9FE0CCAD24008FCAD9] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [189792] [PID.1684]
[MD5.823AC3317249424B514EC81D1A8F8908] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268832] [PID.3948]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.4008]
[MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [27136] [PID.2740]
[MD5.FDA72FF6093B5488B93967281EB52FE6] - (.Microsoft Corporation - Sauvegarde Microsoft® Windows.) -- C:\Windows\system32\sdclt.exe [1192960] [PID.2848]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2144]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4012]
[MD5.4D12C773CE660A002EBFE82602924C4B] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe [1869488] [PID.2332]
[MD5.8072CEDAEF0C606D364E24F6F75B1099] - (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\WerCon.exe [1137152] [PID.1060]
[MD5.2080DCEBE27D92F29AAB5FCFF77613A2] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\setup\instup.exe [198200] [PID.0]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071680] [PID.4180]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.4380]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://fr.yhs4.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch
---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} Clé orpheline
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [TVEService] . (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CloneCDTray] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) . (.Pas de propriétaire - CLSched Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: Update Jump Flip (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Util Jump Flip (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Wpm Service (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe (.not file.) =>PUP.WpManager
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: 12 Legitimates Filtered in 00mn 06s
---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files\Settings Manager\systemk\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\utilisateur\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [temp_Plus-HD-2.6-enabler] (...) -- C:\Users\utilisateur\AppData\Local\Temp\nsq14A.tmp\Plus-HD-2.6-enabler.exe (.not file.) [0] =>Adware.PlusHD
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AmiUpdXp.job [380] =>PUP.Software.Updater
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000Core [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000UA [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: SaveSense - (...) -- C:\Windows\Tasks\SaveSense.job [310] =>Hijacker.iHaveNet
O39 - APT: SaveSense - (...) -- C:\Windows\System32\Tasks\SaveSense [310] =>PUP.SaveSense
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (tStLib) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\tStLib.sys =>PUP.LinkiDoo
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM] -- Ares
O42 - Logiciel: Jump Flip - (.Jump Flip.) [HKLM] -- Jump Flip =>PUP.JumpFlip
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM] -- MediaWatchV1home4715 =>PUP.MediaWatch
O42 - Logiciel: ONconnect - (.Geonaute.) [HKLM] -- ONconnect_is1
~ Logic: 19 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Ares]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Jump Flip] =>PUP.JumpFlip
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\ONconnectService]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKCU\Software\SystemK] =>PUP.SystemK
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch
[HKLM\Software\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF]
[HKLM\Software\IePlugin]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\MediaWatchV1] =>PUP.MediaWatch
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\SystemK] =>PUP.SystemK
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 194 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/04/2014 - 20:00:55 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 15/12/2013 - 22:04:30 - [] ----D C:\Program Files\Ares
O43 - CFD: 03/11/2013 - 20:11:03 - [0] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 02/03/2014 - 19:54:38 - [] ----D C:\Program Files\Jump Flip =>PUP.JumpFlip
O43 - CFD: 23/03/2014 - 22:09:09 - [] ----D C:\Program Files\MediaWatchV1 =>PUP.MediaWatch
O43 - CFD: 09/02/2014 - 22:25:15 - [] ----D C:\Program Files\ONconnect
O43 - CFD: 23/12/2013 - 20:05:29 - [] ----D C:\Program Files\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 13/04/2014 - 16:58:40 - [] ----D C:\Program Files\Settings Manager =>PUP.SystemK
O43 - CFD: 01/06/2014 - 19:03:44 - [0] ----D C:\Program Files\SiteLookup
O43 - CFD: 13/04/2014 - 21:11:26 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 15/12/2013 - 22:04:31 - [] ----D C:\ProgramData\APN
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 08/06/2014 - 11:13:01 - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 13/04/2014 - 20:01:33 - [0] ----D C:\ProgramData\ZombieAlert
O43 - CFD: 02/03/2014 - 22:40:16 - [] ----D C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 09/02/2014 - 22:25:50 - [] ----D C:\Users\utilisateur\AppData\Roaming\Oxylane
O43 - CFD: 15/12/2013 - 22:05:38 - [] ----D C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 01/06/2014 - 19:03:33 - [0] ----D C:\Users\utilisateur\AppData\Roaming\SimilarSites
O43 - CFD: 19/01/2014 - 18:37:35 - [] ----D C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit
O43 - CFD: 13/04/2014 - 20:01:58 - [] ----D C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 13/04/2014 - 21:11:37 - [] ----D C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 01/11/2013 - 21:34:07 - [] ----D C:\Users\utilisateur\AppData\Local\Ares
O43 - CFD: 02/03/2014 - 22:40:17 - [0] ----D C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 02/02/2014 - 11:07:24 - [] ----D C:\Users\utilisateur\AppData\Local\Oxylane
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 27/04/2014 - 20:37:17 - [] ----D C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater
~ Program Folder: 138 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 20 Legitimates Filtered in 00mn 07s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:26/09/2012 - 15:55:34 ---A- . (.Thesycon GmbH, Germany - USBIO Driver.) -- C:\Windows\System32\Drivers\dsiarhwprog.sys [35256]
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiLib WDM Support Driver.) -- C:\Windows\System32\Drivers\SiLib.sys [17408]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiUSBXp.sys.) -- C:\Windows\System32\Drivers\SiUSBXp.sys [14592]
O58 - SDL:09/03/2014 - 19:31:29 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\tStLib.sys [55232] =>PUP.LinkiDoo
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 04s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/03/2014 - C:\Windows\System32\drivers\tStLib.sys (tStLib) .(.StdLib - StdLib.) - LEGACY_TSTLIB =>PUP.LinkiDoo
~ Legacy: 87 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} [DefaultScope] - (Yahoo! (Avast)) - http://fr.yhs4.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.79BBAAC753ABDA50DF19030265F7D1A6] [WIS][09/04/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\69edfc.msi [2473984] =>Adware.Boxore
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][13/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\6b39a9.msi [3162112] =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 01s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 13/04/2014 350496 | (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 06/07/2014 318752 | (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 06/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | System 18/05/2014 31120 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Aztec Media Inc.) - C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg =>PUP.SystemK
SR - | Auto 04/10/2013 1867600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 07/12/2009 40960 | (Realtek87B) . (.Realtek.) - C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
SR - | Auto 29/09/2009 247088 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 29/09/2009 464224 | (TVECapSvc) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
SR - | Auto 29/09/2009 189792 | (TVESched) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
SR - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/04/2014 541696 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: Scanned in 00mn 07s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by utilisateur at 14/07/2014 17:20:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 77
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 22
Fichiers trouvés (Files found) : 24
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip] =>PUP.JumpFlip^
[HKLM\SYSTEM\CurrentControlSet\Services\Util Jump Flip] =>PUP.JumpFlip^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip] =>PUP.JumpFlip^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home4715] =>PUP.MediaWatch^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Program Files\Jump Flip =>PUP.JumpFlip^
C:\Program Files\MediaWatchV1 =>PUP.MediaWatch^
C:\Program Files\SaveSenseLive =>PUP.SaveSense^
C:\Program Files\Settings Manager =>PUP.SystemK^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\SaveSenseLive =>PUP.SaveSense^
C:\ProgramData\systemk =>PUP.SystemK^
C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense^
C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit^
C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive^
C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense^
C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Program Files\Software =>Adware.Boxore
C:\Program Files\Optimizer Pro =>PUP.OptimizerPro
C:\Users\utilisateur\AppData\Roaming\SimilarSites =>Adware.SimilarSites
C:\Users\utilisateur\AppData\Local\Software =>Adware.Boxore
C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak^
C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^
C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\SaveSense =>PUP.SaveSense^
[HKCU\Software\Jump Flip] =>PUP.JumpFlip^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKCU\Software\SystemK] =>PUP.SystemK^
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\MediaWatchV1] =>PUP.MediaWatch^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\SystemK] =>PUP.SystemK^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\69edfc.msi =>Adware.Boxore^
C:\Windows\Installer\6b39a9.msi =>PUP.SupraSavings^
C:\Users\utilisateur\AppData\Local\Temp\IminentSetup-1-.exe =>Adware.IMBooster
C:\Users\utilisateur\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore
~ Additionnel Scan: 146285 Items scanned in 00mn 30s
---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-adpeak =>PUP.AdPeak
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/pup-savesense =>PUP.SaveSense
http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD
http://nicolascoolman.fr/pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 41 link(s) detected in 00mn 00s
~ 680 Legitimates filtered by white list
End of the scan (714 lines in 02mn 42s)(0)