cjoint


~ ZHPDiag report v2014.11.19.165 - Nicolas Coolman (19/11/2014)
~ Run by Ln (22/11/2014 15:40:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address: http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Up to date.
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 33.1.1 (Default)
GCIE: Google Chrome v39.0.2171.65
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.5
OPIE: Opera vStable 26.0.1656.24

---\\ Windows product information
~ Language: French
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : CGKHQ
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
AVG 2015 v15.0.5577
Windows Defender W7 (Deactivated)

---\\ System optimisation software
CCleaner v4.04

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 15 Plugin
Adobe Reader XI

---\\ System information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 12204 MB (67% free)
System Restore: Enabled
System drive C: has 11 GB (10%) free of 100 GB

---\\ System logon mode
~ Computer Name: RHAPSODY
~ User Name: Ln
~ All Users Names: Ln, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ln\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ln\AppData\Roaming\
~ %Desktop% : C:\Users\Ln\Desktop\
~ %Favorites% : C:\Users\Ln\Favorites\
~ %LocalAppData% : C:\Users\Ln\AppData\Local\
~ %StartMenu% : C:\Users\Ln\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 11 GB of 100 GB)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.26/05/2011 - 21:04:40.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/11/2014 - 03:17:24.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Windows Logon Application.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing library.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 port driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT file system driver.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel port driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume shadow copy driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/128
~ My Music: 1/1891
~ My Favorites: 1/19
~ My Documents: 2/9
~ My Desktop: 1/242
~ Start Menu (Programs): 1/3
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.89D2706FCD45E33CECFBD46BCBAD7E16] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [PID.4592]
[MD5.E07AD3AA0A179D0CD171760BB7C3C71F] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088] [PID.3152]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.5448]
[MD5.1A233A5E4A9C6B7BA09F079E1672537F] - (.Sony Corporation - No description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288] [PID.5508]
[MD5.1144F1A221F756E05525179B5E1682C1] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080] [PID.5516]
[MD5.4312B4DD07050FC58146756634058CE8] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136] [PID.5564]
[MD5.778615BE018111F244F1618EBCA97F54] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840592] [PID.5740]
[MD5.11C4FC6A5B4E5A2C35AAD42D1F3AC900] - (.Boxore OU - Boxore.) -- C:\Program Files (x86)\Boxore\Boxore Client\boxore.exe [1527808] [PID.5844] =>Adware.Boxore
[MD5.F6FC82BDC8D8F87DCC6D28093D68819C] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [985424] [PID.6392]
[MD5.EC302A12B14F31BD4DA7AA448C1ABF73] - (.Sony of America Corporation - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [82592] [PID.5800]
[MD5.5787E5DF1A68E7AFEA82D58E5F0D6549] - (...) -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Utilities\adb.exe [815104] [PID.5648]
[MD5.B247B655785E659EFA579E5089D50B45] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [390256] [PID.5712]
[MD5.B66E0842FCF485F3E2D41BF0BA10966F] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Ln\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040] [PID.8596]
[MD5.7115853FF96289DF7F65FB6B68E095ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6932]
[MD5.B554A7D111500B137D6BD4EFABA5614C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [145520] [PID.5000]
[MD5.7D710239833D16DD2BEBB23DFEAAB61D] - (.Adobe Systems, Inc. - Adobe Flash Player 15.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe [1880752] [PID.2488]
[MD5.8180FF8E683B8A997746143F6286B668] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8129536] [PID.7368]
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64704] [PID.1504]
[MD5.11BE8047AF7016C4D814F40CF4E5F1BD] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784] [PID.1392]
[MD5.BA5BEC7FB1EABF3FBD38924AB45C7B3A] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080] [PID.2096]
[MD5.E52221FF68AABB5BEE32A7DEE69E7EAB] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [923984] [PID.2236]
[MD5.E9605A180001A6B5551112D91DE92CA1] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [428384] [PID.2912]
[MD5.E7468359E7743DF0EA3CC7CA8916A22F] - (.No owner - Ultravnc service.) -- C:\Program Files (x86)\UltraVNC Addons\uvnc_service.exe [63296] [PID.3100]
[MD5.387D3DFFCF0A544539E9C5D8B81169A2] - (.Sony Corporation - VAIO Control Center (Service Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe [66696] [PID.3140]
[MD5.03FE8826F70FC84401B554C4004C4593] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1001808] [PID.3200]
[MD5.0A045A2325326B319ECC0006E2D9CEC6] - (.Sony Corporation - VAIO Control Center (Service Sub Module).) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe [183432] [PID.3260]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.3496]
[MD5.5CFA8896A5E10B226B0606B4C84D97AE] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1321296] [PID.4416]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6968]
[MD5.F4A17DCAB576267C85663E64F3ACE5A4] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326424] [PID.1480]
[MD5.1FE69F3C1CA1CF4B7EC7E2E9090FFFDC] - (.ArcSoft, Inc. - MgiSvr.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024] [PID.5824]
[MD5.DB641944F7E4B14C13C3FEFC89843F69] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656536] [PID.4388]
[MD5.D076011ECD0D1310E879F32EBF3B4886] - (.Sony Corporation - VAIOCare.) -- C:\Program Files\Sony\VAIO Care\VCService.exe [54432] [PID.6016]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Ln\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folders
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: Extension [Ln - aqpx2nku.default-1416664723181] {c45c406e-ab73-11d8-be73-000a95be3b12}
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (30)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe (.not file.)
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Ln\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [AdobeBridge] Orphan key
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - No description.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Boxore Client] . (.Boxore OU - Boxore.) -- C:\Program Files (x86)\Boxore\Boxore Client\boxore.exe =>Adware.Boxore
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2169931514-2097408659-749347153-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2169931514-2097408659-749347153-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Ln\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-2169931514-2097408659-749347153-1001\..\Run: [AdobeBridge] Orphan key
O4 - HKUS\S-1-5-21-2169931514-2097408659-749347153-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: NameServer = 192.168.1.101,192.168.1.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C25B98A-9DE9-4350-88B8-73842F5B9D5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9F93740-5FA3-4D84-B6F4-C4F4BDDEE703}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: Domain = interne.actinetwork.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: NameServer = 192.168.1.101,192.168.1.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C25B98A-9DE9-4350-88B8-73842F5B9D5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E9F93740-5FA3-4D84-B6F4-C4F4BDDEE703}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: Domain = interne.actinetwork.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDF99A0D-D691-4C73-AF12-193111B8FF5D}: NameServer = 192.168.1.101,192.168.1.102
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C25B98A-9DE9-4350-88B8-73842F5B9D5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{62B824E2-23E0-442E-88EB-9BD31EC00366}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E9F93740-5FA3-4D84-B6F4-C4F4BDDEE703}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDF99A0D-D691-4C73-AF12-193111B8FF5D}: Domain = interne.actinetwork.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s
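The O17 lines above are the per-interface DNS settings: `DhcpNameServer` is what DHCP handed out, `NameServer` is a static override that wins over it, and `Domain` is the connection-specific suffix. In this report the only static override (192.168.1.101 and .102, on the interface that also carries Domain = interne.actinetwork.com and has no DHCP value) is consistent with a corporate VPN adapter, which the Shrew Soft services and driver elsewhere in the report support; a DNS hijack would typically show a public or unexpected resolver here instead. The script below is an added example, not part of the report or of ZHPDiag: it parses O17 lines and flags static resolvers outside RFC 1918, loopback and link-local space. The input is the CCS lines from this report plus one constructed line (the {DEADBEEF-...} interface, an invented GUID, with a TEST-NET-3 address) so the high-severity branch is exercised; the line grammar is inferred from this page, not ZHPDiag's documentation.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the CCS O17 lines from the report above, plus one
# invented line (the {DEADBEEF-...} interface with a TEST-NET-3 resolver)
# so that the public-resolver branch below has something to flag.
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: NameServer = 192.168.1.101,192.168.1.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C25B98A-9DE9-4350-88B8-73842F5B9D5E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9F93740-5FA3-4D84-B6F4-C4F4BDDEE703}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ED5F7A-94CE-4B43-A277-EEBB2D7540AA}: Domain = interne.actinetwork.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEADBEEF-0000-4000-8000-000000000001}: NameServer = 203.0.113.5
"""

# Key path as ZHPDiag prints it (assumed from this report): control set, then either
# "..\{interface GUID}" or "Parameters" (global defaults), then value name and data.
LINE_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters): "
    r"(?P<key>NameServer|DhcpNameServer|Domain) = (?P<value>.*)$"
)

# Explicit RFC 1918 + loopback + link-local check. ipaddress.is_private would
# also accept the RFC 5737 documentation ranges (203.0.113.0/24 among them),
# which would hide the constructed test line, so the list is spelled out.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def split_servers(value: str) -> list:
    # NameServer is comma-separated, DhcpNameServer space-separated; accept both.
    return [s for s in re.split(r"[ ,]+", value.strip()) if s]


def parse_o17(text: str) -> dict:
    """control set -> interface GUID (or 'Parameters') -> {value name: data}."""
    cfg = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            iface = m.group("iface") or "Parameters"
            cfg[m.group("cs")][iface][m.group("key")] = m.group("value").strip()
    return cfg


def review(text: str, control_set: str = "CCS") -> list:
    """Return (interface, verdict, static servers) for every interface in the
    given control set that overrides DHCP with a static NameServer."""
    findings = []
    for iface, keys in sorted(parse_o17(text)[control_set].items()):
        static = split_servers(keys.get("NameServer", ""))
        if not static:
            continue
        dhcp = split_servers(keys.get("DhcpNameServer", ""))
        public = [s for s in static if not is_local(s)]
        if public:
            verdict = "HIGH: static resolver(s) outside local ranges: " + ",".join(public)
        elif dhcp and set(static) != set(dhcp):
            verdict = "REVIEW: static resolvers differ from DHCP-assigned " + ",".join(dhcp)
        elif keys.get("Domain"):
            verdict = "INFO: static resolvers for domain " + keys["Domain"]
        else:
            verdict = "REVIEW: static resolvers with no DHCP baseline on this interface"
        findings.append((iface, verdict, static))
    return findings


if __name__ == "__main__":
    for iface, verdict, servers in review(SAMPLE_O17):
        print(f"{iface} {servers} -> {verdict}")
```

Run against a full report, the same function can be pointed at CS1 or CS2 (the last-known-good and previous control sets) to see whether an override was present before the current boot, which helps date a change.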



---\\ Additional protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: ShrewSoft IKE Daemon (iked) . (...) - C:\Program Files\ShrewSoft\VPN Client\iked.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) . (...) - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
O23 - Service: Service Software Update (Software_update) (Software_update) . (.The Software Group - Software Update.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
~ Services: 28 Legitimates Filtered in 00mn 04s



---\\ Automatic scheduled tasks (O39)
[MD5.A818DDDE7B3C9097B0B2BBBF0D37FEB3] [APT] [Opera scheduled Autoupdate 1415969313] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [466040]
[MD5.A9144D4FD34992ABF5F36A6E6F415AFB] [APT] [SoftwareUpdateTaskMachineCore] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.A9144D4FD34992ABF5F36A6E6F415AFB] [APT] [SoftwareUpdateTaskMachineUA] (.The Software Group.) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408] =>Adware.Boxore
[MD5.00000000000000000000000000000000] [APT] [{E0F54335-E8E1-493A-A9A3-770B799AC31D}] (...) -- C:\Users\Ln\Desktop\Alchemy\Alchemy.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: SoftwareUpdateTaskMachineCore - (.The Software Group.) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [906] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineCore - (.The Software Group.) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore [906] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.The Software Group.) -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [910] =>Adware.Boxore
O39 - APT: SoftwareUpdateTaskMachineUA - (.The Software Group.) -- C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA [910] =>Adware.Boxore
~ Scheduled Task: 26 Legitimates Filtered in 00mn 01s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (vflt) . (.Shrew Soft Inc - Shrew Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\vfilter.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\FFE]
[HKCU\Software\SMConverter]
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\SiteSee]
~ Key Software: 364 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 17/03/2013 - 20:32:00 - [] ----D C:\Program Files (x86)\BitSpirit
O43 - CFD: 22/11/2014 - 14:02:31 - [] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 22/11/2014 - 14:01:47 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
O43 - CFD: 16/10/2011 - 13:07:17 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main
O43 - CFD: 27/05/2011 - 22:57:27 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 22/11/2014 - 14:01:41 - [0] ----D C:\Users\Ln\AppData\Roaming\BandExtend
O43 - CFD: 04/10/2012 - 20:56:38 - [] ----D C:\Users\Ln\AppData\Roaming\BitSpirit
O43 - CFD: 22/10/2013 - 14:46:31 - [] ----D C:\Users\Ln\AppData\Roaming\chc
O43 - CFD: 29/05/2013 - 12:00:59 - [0] ----D C:\Users\Ln\AppData\Roaming\Construct2
O43 - CFD: 22/11/2014 - 14:07:26 - [] ----D C:\Users\Ln\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG
O43 - CFD: 22/11/2014 - 14:02:36 - [] ----D C:\Users\Ln\AppData\Local\Boxore =>Adware.Boxore
O43 - CFD: 14/11/2014 - 13:45:00 - [] -SH-D C:\Users\Ln\AppData\Local\EmieBrowserModeList
~ 1 CLSID Empty Folder
~ Program Folder: 257 Legitimates Filtered in 00mn 00s



---\\ Files most recently modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.B04F8C92A99F6FE3946F6C70CAB3C12E] - 22/11/2014 - 13:53:57 ---A- . (...) -- C:\Ad-Report-SCAN[6].txt [1740]
O44 - LFC:[MD5.D952FC5AED942E6E1117E87236B026D0] - 22/11/2014 - 14:29:55 ---A- . (...) -- C:\Ad-Report-CLEAN[3].txt [5770]
O44 - LFC:[MD5.541092626205968380C34027298E32B6] - 22/11/2014 - 15:14:55 ---A- . (...) -- C:\install.log [18034]
~ Files: 73 Legitimates Filtered in 00mn 03s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{0e34da08-a75c-11e1-aaac-f0bf97d8cc22}\AutoRun\command. (...) -- D:\LaunchU3.exe (.not file.)
O51 - MPSK:{e8c44e00-0527-11e4-a9db-f0bf97d8cc22}\AutoRun\command. (...) -- D:\iLinker.exe (.not file.)
O51 - MPSK:{f7719d68-5a16-11e4-989b-f0bf97d8cc22}\AutoRun\command. (...) -- F:\Une-cle-pour-demarrer.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ PoliciesSystem registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry keys enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:21/04/2011 - 08:09:26 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter.) -- C:\Windows\System32\Drivers\AmpPal.sys [294912]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:30/07/2012 - 12:32:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102240]
O58 - SDL:30/07/2012 - 12:32:08 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203104]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:01/07/2013 - 00:07:18 ---A- . (.Shrew Soft Inc - Shrew Lightweight Filter Driver.) -- C:\Windows\System32\Drivers\vfilter.sys [24064]
O58 - SDL:02/09/2010 - 08:18:46 ---A- . (.Shrew Soft Inc - Shrew Soft Virtual Network Driver.) -- C:\Windows\System32\Drivers\virtualnet.sys [17408]
~ Drivers: 89 Legitimates Filtered in 00mn 00s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: Ad-Remover - (...) [HKCU] -- Ad-Remover
~ ADS: Scanned in 00mn 00s



---\\ Legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\DRIVERS\vfilter.sys (vflt) .(.Shrew Soft Inc - Shrew Lightweight Filter Driver.) - LEGACY_VFLT
~ Legacy: 85 Legitimates Filtered in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Launcher.exe" http://www.mystartsearch.com =>PUP.StartSearch
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {E3BD2E99-2FA0-45DF-A764-FB17196AEFE6} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][02/04/2013] (...) -- C:\ProgramData\MA8sDq4k7.dat [0]
[MD5.84E0567F133DD6025DD7ECDD30E4FC16] [SPRF][21/01/2012] (...) -- C:\Users\Ln\AppData\Roaming\9mjn8dmyodne7cys.dat [8]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Software product codes enumeration (PUC) (O90)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "710B547D63348174386AA31E9AED883C" . (.Boxore Client.) -- C:\Windows\Installer\{D745B017-4336-4718-83A6-3AE1A9DE88C3}\boxore.ico =>Adware.Boxore
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ WindowsInstaller packages search (WIS) (O93) (NTFS)
[MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][10/12/2012] (.Boxore OU. - Software Update Helper.) -- C:\Windows\Installer\272f2f.msi [45056] =>Adware.Boxore
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\a247d0.msi [4771840] =>Toolbar.Bing
~ WIS: 2 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 12/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 25/08/2011 111776 | (DCDhcpService) . (.Atheros Communication Inc..) - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
SS - | Auto 21/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/07/2009 160784 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
SS - | Demand 14/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 02/05/2011 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 22/11/2014 119408 | (Software_update) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 22/11/2014 119408 | (Software_update_m) . (.The Software Group.) - C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore
SS - | Demand 20/01/2011 286936 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 20/01/2011 887000 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SS - | Demand 19/05/2011 549616 | (VcmIAlzMgr) . (.Sony Corporation.) - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
SS - | Demand 18/02/2011 99104 | (VcmXmlIfHelper) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
SS - | Demand 13/05/2012 22016 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS - | Demand 19/04/2012 9693696 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/07/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/04/2011 1136640 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09/11/2014 3488784 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 09/11/2014 298080 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 12/07/2011 923984 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 12/07/2011 1321296 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 12/07/2011 1001808 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 21/04/2011 134928 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 02/05/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 16/06/2011 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 01/07/2013 1127736 | (iked) . (...) - C:\Program Files\ShrewSoft\VPN Client\iked.exe
SR - | Auto 01/07/2013 810808 | (ipsecd) . (...) - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
SR - | Auto 17/06/2011 326424 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/03/2011 428384 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
SR - | Auto 02/05/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 30/11/2011 260768 | (SampleCollector) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 26/10/2010 5790064 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 26/10/2010 487280 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 23/02/2011 105024 | (uCamMonitor) . (.ArcSoft, Inc..) - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
SR - | Auto 17/06/2011 2656536 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 04/06/2007 63296 | (Uvnc_service) . (...) - C:\Program Files (x86)\UltraVNC Addons\uvnc_service.exe
SR - | Auto 07/07/2011 66696 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Auto 31/05/2011 552584 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR - | Demand 20/01/2012 54432 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Auto 27/08/2013 948312 | (VSNService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (19/11/2014)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 8

[HKLM\SYSTEM\CurrentControlSet\Services\Software_update) (Software_update] =>Adware.Boxore^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\710B547D63348174386AA31E9AED883C] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\710B547D63348174386AA31E9AED883C] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\710B547D63348174386AA31E9AED883C] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Features\710B547D63348174386AA31E9AED883C] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Products\710B547D63348174386AA31E9AED883C] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Boxore Client =>Adware.Boxore^
C:\Program Files (x86)\Boxore =>Adware.Boxore^
C:\Users\Ln\AppData\Local\Boxore =>Adware.Boxore^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Ln\AppData\Local\Software =>Adware.Boxore
C:\Program Files (x86)\Boxore\Boxore Client\boxore.exe =>Adware.Boxore^
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe =>Adware.Boxore^
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job =>Adware.Boxore^
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore =>Adware.Boxore^
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job =>Adware.Boxore^
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA =>Adware.Boxore^
C:\Windows\Installer\272f2f.msi =>Adware.Boxore^
C:\Windows\Installer\a247d0.msi =>Toolbar.Bing^
~ Additionnel Scan: 388034 Items scanned in 00mn 17s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 5 link(s) detected in 00mn 00s



~ 971 Legitimates filtered by white list
End of the scan (559 lines in 01mn 26s)(0)