
~ Rapport de ZHPDiag v2015.3.15.30 - Nicolas Coolman (15/03/2015)
~ Lancé par Vanessa (16/03/2015 15:43:55)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17690
GCIE: Google Chrome v41.0.2272.89

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 2DG7T
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.15

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3658 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 166 GB (83%) free of 200 GB

---\\ Mode de connexion au système
~ Computer Name: VANESS
~ User Name: Vanessa
~ All Users Names: Vanessa, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Vanessa\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Vanessa\AppData\Roaming\
~ %Desktop% : C:\Users\Vanessa\Desktop\
~ %Favorites% : C:\Users\Vanessa\Favorites\
~ %LocalAppData% : C:\Users\Vanessa\AppData\Local\
~ %StartMenu% : C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 166 Go of 200 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 185 Go of 248 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.12/03/2014 - 06:19:20.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.04/11/2014 - 07:54:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.15/01/2014 - 16:52:52.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.08/11/2014 - 04:58:31.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1757
~ Mes musiques (My Musics) : 1/34
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/38
~ Mon Bureau (My Desktop) : 1/445
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1176176] [PID.488]
[MD5.7745AF3A195DE53C2C6C592A0984A8D1] - (.Maxthon International ltd. - Maxthon Cloud Browser.) -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [258840] [PID.3784]
[MD5.0706510EDEDAF0F4C28B2D98E785DD42] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8186368] [PID.616]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Vanessa\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 11s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\ymu0vt9u.default\prefs.js
C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\ymu0vt9u.default\user.js
M3 - MFPP: Plugins - [Vanessa] -- C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\ymu0vt9u.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Vanessa - ymu0vt9u.default\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}] [] Start Page v2.6 (..)
~ Firefox Browser: 6 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr
R3 - URLSearchHook: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (10, 0, 0, 2) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll =>PUP.Dealio
R3 - URLSearchHook: (no name) [64Bits] - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.) =>PUP.Dealio
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (15516)
~ Hosts File: Scanned in 00mn 54s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE.dll =>PUP.Dealio
~ BHO: 7 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer64.dll
O3 - Toolbar: IObit Apps Toolbar - [HKLM]{03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\10.0\iobitappsToolbarIE64.dll =>PUP.Dealio
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\QuickLaunch [Vanessa]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Vanessa]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 50s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Classic Start Menu] . (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Vanessa\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [NextLive] C:\Users\Vanessa\AppData\Roaming\newnext.me\nengine.dll (.not file.) =>PUP.NextLive
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe (.not file.)
O4 - HKUS\S-1-5-21-4081947193-1500274069-1525226555-1001\..\Run: [Facebook Update] C:\Users\Vanessa\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKUS\S-1-5-21-4081947193-1500274069-1525226555-1001\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-4081947193-1500274069-1525226555-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Classic IE Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Clé orpheline
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E176F4A-2611-4533-8562-8318F02790B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C51A7352-0CB6-48AA-A24A-EA022C33A08A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6E176F4A-2611-4533-8562-8318F02790B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C51A7352-0CB6-48AA-A24A-EA022C33A08A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Vanessa\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Digital Sites] (...) -- C:\Users\Vanessa\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Vanessa\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [PcPMSplash] (...) -- C:\Program Files (x86)\PcPrivacyMaster\Splash.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: Digital Sites - (...) -- C:\Windows\Tasks\Digital Sites.job [330] =>Hijacker.DSite
O39 - APT: Digital Sites - (...) -- C:\Windows\System32\Tasks\Digital Sites [330] =>Hijacker.DSite
O39 - APT: - (..) -- C:\Windows\Tasks\Driver Booster SkipUAC (Vanessa).job [266]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Driver Booster SkipUAC (Vanessa) [266]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4081947193-1500274069-1525226555-1001Core [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4081947193-1500274069-1525226555-1001UA [950]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1086]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1090]
O39 - APT: MySearchDial - (...) -- C:\Windows\Tasks\MySearchDial.job [330] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\Windows\System32\Tasks\MySearchDial [330] =>Adware.MyWebSearch
~ Scheduled Task: 25 Legitimates Filtered in 00mn 16s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\40594InstEnd]
[HKCU\Software\5b2dedbe13fb840] =>Hijacker.Eazel
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Markement]
[HKCU\Software\Search Settings] =>Adware.SearchSettings
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Search Settings] =>Adware.SearchSettings
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\anset]
~ Key Software: 276 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/07/2013 - 10:47:47 - [] ----D C:\ProgramData\APN
O43 - CFD: 10/09/2012 - 20:10:39 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 28/11/2014 - 11:59:49 - [] ----D C:\ProgramData\ClassicShell
O43 - CFD: 09/12/2014 - 13:15:17 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 01/11/2014 - 18:09:38 - [0] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 01/01/2014 - 12:39:07 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 30/09/2013 - 05:00:03 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 21/02/2014 - 22:27:26 - [0] ----D C:\Users\Vanessa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
O43 - CFD: 29/07/2013 - 07:19:17 - [0] ----D C:\Users\Vanessa\AppData\Roaming\Booster
O43 - CFD: 16/03/2015 - 06:27:47 - [] ----D C:\Users\Vanessa\AppData\Roaming\ClassicShell
O43 - CFD: 21/03/2013 - 17:33:57 - [] ----D C:\Users\Vanessa\AppData\Roaming\lm
O43 - CFD: 28/11/2014 - 12:00:11 - [] ----D C:\Users\Vanessa\AppData\Roaming\ProductData
O43 - CFD: 30/10/2014 - 14:48:30 - [] ----D C:\Users\Vanessa\AppData\Roaming\Slick Savings =>PUP.Dealio
O43 - CFD: 25/04/2014 - 12:13:26 - [0] ----D C:\Users\Vanessa\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 22/12/2013 - 22:18:51 - [] ----D C:\Users\Vanessa\AppData\Local\HistoryCleaner
O43 - CFD: 21/02/2014 - 22:09:00 - [] ----D C:\Users\Vanessa\AppData\Local\Popajar =>Toolbar.Conduit
O43 - CFD: 30/10/2014 - 14:48:32 - [] ----D C:\Users\Vanessa\AppData\Local\Slick Savings =>PUP.Dealio
O43 - CFD: 25/04/2014 - 12:13:26 - [] ----D C:\Users\Vanessa\AppData\Local\SwvUpdater =>PUP.Software.Updater
~ Program Folder: 228 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.17696B5ACDBDFFC7D26C4B56BF132AD5] - 09/03/2015 - 17:28:11 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [48168]
O44 - LFC:[MD5.FCFD172899D0A026E5BD29F4775BFA76] - 09/03/2015 - 17:28:13 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [18472]
O44 - LFC:[MD5.E47A0ECA90AF393983EF30E458606BB5] - 09/03/2015 - 17:28:13 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [60968]
O44 - LFC:[MD5.1D866B50C9B1BA3FE90CC81E0DBC0E15] - 09/03/2015 - 17:28:13 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [192040]
O44 - LFC:[MD5.68E45A1C1D5B16BD859B28D1F32EA8B1] - 09/03/2015 - 18:08:20 ---A- . (...) -- C:\Windows\OutLog.txt [28]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/03/2015 - 18:08:28 ---A- . (...) -- C:\Windows\BcdLog.txt [0]
O44 - LFC:[MD5.BDE6152B584ABDA7DA102B363E58354F] - 11/03/2015 - 17:58:02 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [396419]
O44 - LFC:[MD5.6973EE800A7369917EE05D2A5ECADFEF] - 13/03/2015 - 16:57:44 ---A- . (...) -- C:\Windows\wininit.ini [1749]
O44 - LFC:[MD5.5352A88349A9AC33C7E44CEF854F5E9D] - 13/03/2015 - 18:57:35 ---A- . (...) -- C:\Windows\ampa.exe [1811568]
O44 - LFC:[MD5.091F08BCEE2AEDDC89070370552DFD34] - 13/03/2015 - 18:57:36 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O44 - LFC:[MD5.3DEB5527303A2BB2034E6991853576EC] - 13/03/2015 - 19:36:51 ---A- . (...) -- C:\Windows\ampa.ini [286]
O44 - LFC:[MD5.FCE9BEE444CFDA4F828F8E27F0839814] - 13/03/2015 - 19:54:30 --H-- . (...) -- C:\AMTAG.BIN [1024]
~ Files: 83 Legitimates Filtered in 00mn 41s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{49b66f3c-0055-11e4-bf7b-4c72b99011d0}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{da52d10c-fb74-11e1-be6a-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
O51 - MPSK:{fa4e21fa-79dd-11e4-bfa5-4c72b99011d0}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{ff9ce905-0a7c-11e4-bf83-4c72b99011d0}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) -- C:\Windows\System32\Drivers\eubakup.sys [60968]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (...) -- C:\Windows\System32\Drivers\EUBKMON.sys [48168]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) -- C:\Windows\System32\Drivers\eudskacs.sys [18472]
O58 - SDL:15/12/2014 - 00:59:40 ---A- . (.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) -- C:\Windows\System32\Drivers\EuFdDisk.sys [192040]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:18/12/2013 - 11:33:16 ---A- . (...) -- C:\Windows\System32\ampa.sys [17008]
O58 - SDL:18/12/2013 - 11:33:16 ---A- . (...) -- C:\Windows\SysWOW64\ampa.sys [17008]
~ Drivers: 55 Legitimates Filtered in 00mn 07s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Maxthon International ltd. - Maxthon Cloud Browser.) -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {57A945E3-2D48-4124-9C3D-B6CD5028378B} [DefaultScope] - (Yahoo) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {765CB547-AC90-4095-A0B2-86D536AB5144} - (Yahoo) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C88BDA3DA723203308434C8C0C2AA048] [SPRF][12/05/2014] (.Yahoo! Inc. - Yahoo! Messenger Suite Install Bootstrapper.) -- C:\Users\Vanessa\Desktop\msgr11fr.exe [693704]
[MD5.BDC000B51D8267025C563127E694E454] [SPRF][22/07/2014] (...) -- C:\Users\Vanessa\Desktop\SkypeSetupFull.exe [676376]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{49A13E2F-1A78-42C5-A63E-30A4A03DCD03}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BEE01B06-5774-4D28-A6D7-90664593644B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 21s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3356AC34C0E398B49AF93621243FCC3F" . (.IObit Apps Toolbar v10.0.) -- C:\WINDOWS\Installer\{43CA6533-3E0C-4B89-A99F-631242F3CCF3}\ARPPRODUCTICON.exe =>PUP.Dealio
~ Update Products: 1 Legitimates Filtered in 00mn 01s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5b2dedbe13fb840\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5b2dedbe13fb840\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
[HKCU\Software\5b2dedbe13fb840] =>PUP.Babylon^
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AB8EB94F3BB404125A5D71A17A94A274] [WIS][30/10/2014] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\3a9f67.msi [5286400] =>PUP.Dealio
~ WIS: 1 Legitimates Filtered in 00mn 08s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32 =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSquirrelWeb_RASAPI32 =>PUP.SquirrelWeb
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSquirrelWeb_RASMANCS =>PUP.SquirrelWeb
~ BTK: 76 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] (IObit Apps Toolbar) =>PUP.Dealio
~ BCK: 5046 Legitimates Filtered in 00mn 41s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 16/03/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 31/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe
SS - | Disabled 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SS - | Auto 10/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 17/12/2013 46904 | (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
SS - | Disabled 26/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 29/10/2014 38792 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 29/10/2014 38792 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 10/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe
SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 03/12/2013 79000 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 03/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/07/2014 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 04/07/2014 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 21/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Demand 29/10/2014 38792 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\system32\svchost.exe
SR - | Auto 29/10/2014 38792 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\system32\svchost.exe
SR - | Auto 03/10/2014 485400 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 16/01/2014 495248 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SR - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SR - | Auto 06/08/2014 5052224 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 46s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (15/03/2015)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 10

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] =>PUP.Dealio^
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\Search Settings] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Search Settings] =>PUP.Dealio
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Wow6432Node\IObit Apps] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NextLive =>PUP.NextLive^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Vanessa\AppData\Roaming\Slick Savings =>PUP.Dealio^
C:\Users\Vanessa\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Vanessa\AppData\Local\Popajar =>Toolbar.Conduit^
C:\Users\Vanessa\AppData\Local\Slick Savings =>PUP.Dealio^
C:\Users\Vanessa\AppData\Local\SwvUpdater =>PUP.Software.Updater^
C:\Program Files (x86)\IObit Apps Toolbar =>PUP.Dealio
C:\Users\Vanessa\AppData\LocalLow\Search Settings =>PUP.Dealio
C:\Windows\Tasks\Digital Sites.job =>Hijacker.DSite^
C:\Windows\System32\Tasks\Digital Sites =>Hijacker.DSite^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
C:\Windows\System32\Tasks\MySearchDial =>Adware.MyWebSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\5b2dedbe13fb840\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5b2dedbe13fb840] =>PUP.Babylon^^
C:\Windows\Installer\3a9f67.msi =>PUP.Dealio^
[HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] (IObit Apps Toolbar) =>PUP.Dealio^
~ Additionnel Scan: 252119 Items scanned in 02mn 21s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-dealio =>PUP.Dealio
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://nicolascoolman.fr/hijacker-dsite =>Hijacker.DSite
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/hijacker-findrtoolbar =>Hijacker.FindrToolbar
http://nicolascoolman.fr/pup-fortunitas =>PUP.Fortunitas
http://www.nicolascoolman.fr/blog/ =>Adware.NewPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.SquirrelWeb
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>Toolbar.Yahoo
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
~ MSI: 22 link(s) detected in 00mn 00s



~ 789 Legitimates filtered by white list
End of the scan (571 lines in 08mn 06s)(0.10)
