cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2015.3.23.32 - Nicolas Coolman (2015-03-23)
~ Lancé par KKmichee (2015-03-24 06:05:16)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17690
GCIE: Google Chrome v41.0.2272.101
OPIE: Opera Stable v28.0.1750.48 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 2RYQ6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.4.1028
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.03

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 PPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5914 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 90 GB (24%) free of 372 GB

---\\ Mode de connexion au système
~ Computer Name: KMICHEE
~ User Name: KKmichee
~ All Users Names: Kmichee, KKmichee, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\KKmichee\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\KKmichee\AppData\Roaming\
~ %Desktop% : C:\Users\KKmichee\Desktop\
~ %Favorites% : C:\Users\KKmichee\Favorites\
~ %LocalAppData% : C:\Users\KKmichee\AppData\Local\
~ %StartMenu% : C:\Users\KKmichee\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 90 Go of 372 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 26 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 107 Go of 150 Go)
I: Hard drive, Flash drive, Thumb drive (Free 150 Go of 150 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.2015-01-27 - 18:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2014-10-28 - 20:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2015-02-19 - 20:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-10-28 - 20:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.2013-12-21 - 03:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2014-05-29 - 22:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2013-08-22 - 07:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2013-08-22 - 06:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2013-08-22 - 03:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2014-03-06 - 04:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2014-07-24 - 06:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.2014-11-04 - 01:54:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.2013-11-27 - 07:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2014-10-08 - 02:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.2013-08-22 - 06:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-10-15 - 03:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.2013-08-22 - 06:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2014-11-07 - 22:58:31.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2013-11-14 - 02:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.2013-08-22 - 08:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2014-06-18 - 21:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/261
~ Mes musiques (My Musics) : 1/3040
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/15
~ Mes Documents (My Documents) : 1/7466
~ Mon Bureau (My Desktop) : 4/5114
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 13s



---\\ Processus lancés
[MD5.3C13F26A4766752314A5413038BD86B4] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.2692]
[MD5.E2310ECEAA1E0DE0EE8FE32C7BAB3422] - (.L'Aventure Multimedia - Dictionnaire MediaDICO pour Windows.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDico38.exe [281088] [PID.5140]
[MD5.B00E08BB95583541B2D2DC86792FE798] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952] [PID.5204]
[MD5.FB3784D0A806A85952199E0FFCBEE06B] - (.L'Aventure Multimedia - Reconnaissance Automatique de Caractères.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\RAC38.exe [200792] [PID.5936]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.6048]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.6056]
[MD5.027D0500A592CAED765B9E450129D89E] - (.Yahoo! Inc. - Yahoo! Messenger Tray.) -- C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe [79192] [PID.5428]
[MD5.6C4C7B8F254C05A3B0F350F45009B520] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe [51805816] [PID.4788]
[MD5.AB9CE2188CDC307574BB90EC0C572910] - (...) -- C:\Program Files (x86)\Opera\28.0.1750.48\opera_crashreporter.exe [484472] [PID.4176]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.3476]
[MD5.EF6B4B38332C4EB7B74C0A1CB7094E83] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8188928] [PID.3648]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\KKmichee\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.us
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (25)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [AgentAntidote32] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes32\AgentAntidote.exe
O4 - HKLM\..\Run: [AgentAntidote64] . (.Druide informatique inc. - AgentAntidote.) -- C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\KKmichee\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [PrivacyDr] C:\Program Files (x86)\Privacy Dr\PrivacyDr.exe (.not file.) =>PUP.PrivacyDr
O4 - HKCU\..\Run: [Twoo] . (.Massive Media - Twoo.) -- C:\Users\KKmichee\AppData\Roaming\Massive Media\Twoo.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\KKmichee\AppData\Local\Viber\Viber.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\KKmichee\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\KKmichee\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\KKmichee\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Company - Hp Accelerometer System Tray.) -- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [Driver Genius] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [BtTray] . (.IVT Corporation - Bluetooth Application.) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe =>.Sonic Solutions
O4 - HKLM\..\Wow6432Node\Run: [CPMonitor] . (.Pas de propriétaire - CPMonitor Application.) -- C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Desktop Disc Tool] . (.Pas de propriétaire - Roxio Burn Launcher.) -- C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe =>.Roxio
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\KKmichee\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [PrivacyDr] C:\Program Files (x86)\Privacy Dr\PrivacyDr.exe (.not file.) =>PUP.PrivacyDr
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Twoo] . (.Massive Media - Twoo.) -- C:\Users\KKmichee\AppData\Roaming\Massive Media\Twoo.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Viber] . (.Pas de propriétaire - Viber.) -- C:\Users\KKmichee\AppData\Local\Viber\Viber.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\KKmichee\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\KKmichee\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\KKmichee\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-4245138558-3845584268-3336097800-1001\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D11DADD6-2115-4F76-8A36-1E27231BB622}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D30BC7CF-524F-4DCB-89AB-001EDE76CC06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D11DADD6-2115-4F76-8A36-1E27231BB622}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D30BC7CF-524F-4DCB-89AB-001EDE76CC06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) . (.Pas de propriétaire - SaibSVC Application.) - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: BOT4Service (BOT4Service) . (...) - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
~ Services: 22 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [AI_Updater] (...) -- C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [boosterpop] (...) -- C:\Program Files (x86)\Tuneup computer A1PCCleaner\Probsalert.exe (.not file.) [0]
[MD5.C8F9C9BE3AAC1EBF4ED67CD563304BEF] [APT] [HDNINSTSCHD] (...) -- C:\WINDOWS\PCBHDNW\hdnInstaller.exe [20744]
[MD5.00000000000000000000000000000000] [APT] [IEError] (...) -- C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe (.not file.) [0]
[MD5.1C20315E86ECFB4B04D4969548195B7E] [APT] [IE_ERR4WDR] (...) -- C:\Program Files (x86)\Portable WeatherApp\IEError.exe [18696]
[MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368]
[MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (...) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.A1F8D2A9B421C036771CA46C56536CEE] [APT] [Opera scheduled Autoupdate 1411909978] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [889976]
[MD5.00000000000000000000000000000000] [APT] [PrivacyDr_Splash] (...) -- C:\Program Files (x86)\Privacy Dr\Splash.exe (.not file.) [0] =>PUP.PrivacyDr
[MD5.6C0680CD6F3F13D33197F86AFDD44C75] [APT] [UPDTEXE4_WDR] (.Portable WeatherApp.) -- C:\Program Files (x86)\Portable WeatherApp\updater.exe [339720]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1088]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1092]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForKKmichee [360]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Salus - (.Salus.) [HKLM][64Bits] -- Salus =>PUP.Salus
O42 - Logiciel: Twoo 2.1.1011 - (.Massive Media.) [HKCU][64Bits] -- {AE0A260B-E40D-4B82-B603-2D98BAD7EFDA}_is1
O42 - Logiciel: WeatherApp - (.Portable WeatherApp.) [HKLM][64Bits] -- {40060F30-F802-40C3-AA01-D084924B60C7}
O42 - Logiciel: Yahoo! Barre d'outils - (...) [HKLM][64Bits] -- Yahoo! Companion
~ Logic: 59 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\CoolROM]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\Genesis] =>PUP.Genesis
[HKCU\Software\GoldenGate]
[HKCU\Software\ICSW1.7]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Massive Media]
[HKCU\Software\OAS OK]
[HKCU\Software\Portable WeatherApp]
[HKCU\Software\PrivacyDR] =>PUP.PrivacyDr
[HKCU\Software\Reg]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Universal]
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\Portable WeatherApp]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
[HKLM\Software\Wow6432Node\TermTutor] =>PUP.TermTutor
[HKLM\Software\Wow6432Node\Universal]
~ Key Software: 501 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2014-11-23 - 17:31:14 - [] ----D C:\Program Files (x86)\f552dd4c52e3
O43 - CFD: 2014-06-26 - 06:13:53 - [0] ----D C:\Program Files (x86)\HighlightTool
O43 - CFD: 2014-04-02 - 11:16:32 - [0] ----D C:\Program Files (x86)\Jet audio
O43 - CFD: 2015-02-25 - 20:33:34 - [0] ----D C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 2015-02-25 - 20:27:32 - [] ----D C:\Program Files (x86)\Portable WeatherApp
O43 - CFD: 2014-08-20 - 20:23:27 - [] ----D C:\ProgramData\APN
O43 - CFD: 2014-03-10 - 14:39:56 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 2014-09-30 - 09:14:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 2014-10-20 - 10:42:18 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 2014-01-15 - 16:06:02 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 2013-12-30 - 23:34:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 2013-12-30 - 23:34:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
O43 - CFD: 2013-11-14 - 03:16:50 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2015-02-25 - 20:27:22 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
O43 - CFD: 2014-11-05 - 20:12:52 - [] ----D C:\Users\KKmichee\AppData\Roaming\AdvancedSystemProtector =>PUP.AdvancedSystemProtector
O43 - CFD: 2014-04-23 - 17:55:49 - [] ----D C:\Users\KKmichee\AppData\Roaming\BHOK
O43 - CFD: 2014-11-10 - 21:35:35 - [] ----D C:\Users\KKmichee\AppData\Roaming\Gameo =>PUP.Gameo
O43 - CFD: 2014-11-05 - 20:13:15 - [] --H-D C:\Users\KKmichee\AppData\Roaming\GoldenGate
O43 - CFD: 2014-05-13 - 18:41:42 - [] ----D C:\Users\KKmichee\AppData\Roaming\Massive Media
O43 - CFD: 2014-09-28 - 10:11:23 - [] ----D C:\Users\KKmichee\AppData\Roaming\OAS
O43 - CFD: 2014-09-28 - 09:11:21 - [] ----D C:\Users\KKmichee\AppData\Roaming\RHEng =>PUP.Conduit
O43 - CFD: 2015-01-22 - 11:31:53 - [] ----D C:\Users\KKmichee\AppData\Local\afro-messenger
O43 - CFD: 2014-11-26 - 06:59:05 - [] -SH-D C:\Users\KKmichee\AppData\Local\EmieBrowserModeList
O43 - CFD: 2014-01-28 - 19:41:46 - [0] ----D C:\Users\KKmichee\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 2014-04-16 - 09:39:54 - [] ----D C:\Users\KKmichee\AppData\Local\HistoryCleaner
O43 - CFD: 2014-11-23 - 17:28:48 - [] ----D C:\Users\KKmichee\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 2014-05-13 - 18:41:46 - [] ----D C:\Users\KKmichee\AppData\Local\Massive Media
O43 - CFD: 2014-02-25 - 10:11:54 - [0] ----D C:\Users\KKmichee\AppData\Local\pinger.com
O43 - CFD: 2014-12-17 - 23:17:47 - [] ----D C:\Users\KKmichee\AppData\Local\tchatfranco
~ Program Folder: 361 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BDE6152B584ABDA7DA102B363E58354F] - 2015-03-12 - 08:42:53 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [396419]
O44 - LFC:[MD5.459AEE6534F08322ECA4E9359C0CDABE] - 2015-03-12 - 12:54:35 ---A- . (.Pas de propriétaire - Application ContextH.) -- C:\Windows\System32\BWContextHandler.dll [53248]
O44 - LFC:[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - 2015-03-12 - 12:54:47 ---A- . (.Pas de propriétaire - Gestionnaire de contexte pour réseau person.) -- C:\Windows\System32\BthpanContextHandler.dll [96256]
O44 - LFC:[MD5.97F55D94100BA13A9C0647A4F193700A] - 2015-03-12 - 12:55:20 ---A- . (.Windows (R) Win 7 DDK provider - DSC.) -- C:\Windows\System32\DscCoreConfProv.dll [200192]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 2015-03-12 - 13:15:33 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.94781EFEA55AFDCA3870CA56AC740B48] - 2015-03-13 - 08:07:32 ----- . (...) -- C:\Windows\DtcInstall.log [324]
O44 - LFC:[MD5.C05BB66907A1D24EE707E46599B3AB90] - 2015-03-13 - 08:08:13 ---A- . (...) -- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat [425]
O44 - LFC:[MD5.73467B6DEB49C1CD019E74E7F1E3C085] - 2015-03-14 - 07:37:50 ---A- . (...) -- C:\IFRToolLog.txt [7257]
~ Files: 2401 Legitimates Filtered in 00mn 54s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{1c08fbde-d948-11e3-bf4c-8056f2be6c44}\AutoRun\command. (...) -- G:\iLinker.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:2013-06-02 - 03:56:58 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [31920]
O58 - SDL:2014-11-20 - 15:47:08 ---A- . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\b786bdb3c67d.sys [51528]
O58 - SDL:2013-08-12 - 18:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:2012-11-21 - 19:43:14 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [165112]
O58 - SDL:2011-06-15 - 03:30:46 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [93240]
O58 - SDL:2014-01-22 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:2014-01-22 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:2013-08-22 - 07:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 90 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7DB73608B4503F9595DA306CCA3BF99F] [SPRF][2015-03-23] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DA701E76-60C0-4E6A-AA60-670A9391D022}C:\users\kkmichee\appdata\roaming\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\kkmichee\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{7C238664-BB79-426D-9301-87A06965F982}C:\users\kkmichee\appdata\roaming\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\users\kkmichee\appdata\roaming\utorrent\utorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetUpdaterService_RASAPI32 =>PUP.InternetUpdater
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetUpdaterService_RASMANCS =>PUP.InternetUpdater
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivacyDr_RASAPI32 =>PUP.PrivacyDr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PrivacyDr_RASMANCS =>PUP.PrivacyDr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS =>Hijacker.SmartBar
~ BTK: 137 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar
~ BCK: 6543 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2015-03-17 268976 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2014-10-03 279952 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 2010-10-12 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 2013-12-08 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-12-08 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-08-27 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 2014-09-01 640840 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2014-02-28 174368 | (iumsvc) . (...) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
SS - | Demand 2010-07-16 1099248 | (RoxMediaDB13) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
SS - | Auto 2010-07-16 354288 | (RoxWatch12) . (.Sonic Solutions.) - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
SS - | Auto 2015-01-02 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 2009-06-02 457200 | (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) . (...) - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
SR - | Auto 2014-12-03 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2014-08-28 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2012-09-26 1612552 | (BlueSoleilCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
SR - | Auto 2011-08-31 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2010-07-14 32240 | (BOT4Service) . (...) - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
SR - | Demand 2012-09-19 146184 | (BsHelpCS) . (.IVT Corporation.) - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
SR - | Auto 2013-11-04 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Demand 2013-06-07 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 2013-03-01 43320 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 2013-12-25 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 2014-04-24 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2014-10-03 329104 | (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SR - | Auto 2013-05-14 140936 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 2013-08-27 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 2013-12-10 131544 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 2013-12-10 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2013-12-10 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2014-11-21 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 2014-11-21 969016 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 2013-12-16 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Demand 1658-07-22 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 1658-07-22 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 1658-07-22 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2014-10-28 38792 | C:\WINDOWS\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2008-11-09 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 10s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (2015-03-23)
Clés trouvées (Keys found) : 26
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 7

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Salus] =>PUP.Salus^
[HKLM\Software\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}] =>PUP.Wajam
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASAPI32] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\SnapDo_RASMANCS] =>Hijacker.SmartBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater] =>PUP.Wajam
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\Program Files (x86)\MyPC Backup =>PUP.MyPCBackup^
C:\Users\KKmichee\AppData\Roaming\AdvancedSystemProtector =>PUP.AdvancedSystemProtector^
C:\Users\KKmichee\AppData\Roaming\Gameo =>PUP.Gameo^
C:\Users\KKmichee\AppData\Roaming\RHEng =>PUP.Conduit^
C:\Users\KKmichee\AppData\Local\genienext =>PUP.NextLive^
C:\Users\KKmichee\AppData\Local\iLivid =>Adware.Bandoo^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\Genesis] =>PUP.Genesis^
[HKCU\Software\PrivacyDR] =>PUP.PrivacyDr^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
[HKLM\Software\Wow6432Node\TermTutor] =>PUP.TermTutor^
[HKCR\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}] (Snap.Do) =>Hijacker.SmartBar^
~ Additionnel Scan: 501417 Items scanned in 01mn 28s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/blog/ =>PUP.PrivacyDr
http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.Salus
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/pup-genesis =>PUP.Genesis
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://www.nicolascoolman.fr/blog/ =>PUP.TermTutor
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://nicolascoolman.fr/pup-internetupdater =>PUP.InternetUpdater
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://www.nicolascoolman.fr/blog/ =>Adware.Agent
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>Toolbar.Yahoo
~ MSI: 19 link(s) detected in 00mn 00s



~ 3401 Legitimates filtered by white list
End of the scan (591 lines in 03mn 15s)(0.10)

Publicité


Signaler le contenu de ce document

Publicité