cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2015.4.28.44 - Nicolas Coolman (28/04/2015)
~ Lancé par F Kouyate (29/04/2015 08:34:01)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17358
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v42.0.2311.90

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Avast Free Antivirus v10.2.2218
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v4.10

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1916 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (46%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: FKOUYATE-PC
~ User Name: F Kouyate
~ All Users Names: HelpAssistant, F Kouyate, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\F Kouyate\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\F Kouyate\AppData\Roaming\
~ %Desktop% : C:\Users\F Kouyate\Desktop\
~ %Favorites% : C:\Users\F Kouyate\Favorites\
~ %LocalAppData% : C:\Users\F Kouyate\AppData\Local\
~ %StartMenu% : C:\Users\F Kouyate\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 149 Go)
D: Hard drive, Flash drive, Thumb drive (Free 141 Go of 149 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 21:29:20.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.7AE80F921027CF88CB9D0433088A3E55] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/09/2014 - 23:59:11.) -- C:\Windows\System32\wininet.dll [1810944]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 01:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 21:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 06:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 21:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 21:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 21:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 21:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 21:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/44
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 6/2620
~ Mon Bureau (My Desktop) : 1/307
~ Menu demarrer (Programs) : 1/71
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.6E240D6C2F0DB74BED13AD723D3AB0A1] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904] [PID.3260]
[MD5.2C1B1E9174D94E9F6EE3CF373ABAB7DD] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [137752] [PID.3676]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3752]
[MD5.4C1F26CFCA34E978CC1311F9F080F675] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3816]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172568] [PID.3892]
[MD5.C8AEBDDAAD605E68DBCCD41CD58FC841] - (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840] [PID.2216]
[MD5.1CA034E7FEB38FB4F3484AEC092C403F] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1564872] [PID.988]
[MD5.E5FFF95D23C48C0ACE7760A515244879] - (.PC Tools - SSDMonit Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103936] [PID.3548]
[MD5.0F484CEBC0E6724B157E644787B66B68] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [623520] [PID.3604]
[MD5.4333E6C7D2E17C97E1CF10DD4C90FE7A] - (...) -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520] [PID.3712]
[MD5.473898C1DD842538F897CFDC514A2978] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [928312] [PID.3792]
[MD5.31EA4BC4328BDBC50CD5CA4870F09E06] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496] [PID.3644]
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.3364]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.3344]
[MD5.DE76D8D3E89686D2842520CC0D55AF44] - (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe [3161648] [PID.2272]
[MD5.C308A64ADA11595A28E8C5119F2E82EC] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1021272] [PID.3828]
[MD5.5420880623BD70F2EB6BB62C43620590] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8204800] [PID.4856]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\F Kouyate\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 4 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\F Kouyate\AppData\Roaming\Mozilla\Firefox\Profiles\58xhohop.default\prefs.js
M3 - MFPP: Plugins - [F Kouyate] -- C:\Users\F Kouyate\AppData\Roaming\Mozilla\Firefox\Profiles\58xhohop.default\searchplugins\bingp.xml
M0 - MFSP: prefs.js [F Kouyate - 58xhohop.default] google.com
M2 - MFEP: prefs.js [F Kouyate - 58xhohop.default\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}] [] ST France FF v10.37.0.508 (..)
M2 - MFEP: Extension [F Kouyate - 58xhohop.default] firefox@ghostery.com.xpi
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll =>Adware.FFToolBar
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O3 - Toolbar: Softonic France FF Toolbar - [HKLM]{6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF\tbSoft.dll =>Adware.FFToolBar
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - Pas de description.) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - Pas de description.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSDMonitor] . (.PC Tools - SSDMonit Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [VMM Mode Selection] . (...) -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [InternetEverywhere_InternetEverywhere_Launcher.exe] . (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\F Kouyate\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\policies\Explorer\Run: [Updates] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\system32\SystemProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1883403804-3169365285-2998731734-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-1883403804-3169365285-2998731734-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-1883403804-3169365285-2998731734-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-1883403804-3169365285-2998731734-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\F Kouyate\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1883403804-3169365285-2998731734-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C303B47A-9E80-45B5-B7B9-569E3A73728E}: NameServer = 213.136.96.8 213.136.96.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{23F2C9EF-C0F0-4FCD-B985-59A6FD37701B}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23F5FF9-4DEB-41F5-A47F-3847CCEE744B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8F0E93-72C2-4A83-9A82-879E77ACC576}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC27C03-4221-4423-8E45-8B6746A4CC64}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C303B47A-9E80-45B5-B7B9-569E3A73728E}: NameServer = 213.136.96.8 213.136.96.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{23F2C9EF-C0F0-4FCD-B985-59A6FD37701B}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{A23F5FF9-4DEB-41F5-A47F-3847CCEE744B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{AB8F0E93-72C2-4A83-9A82-879E77ACC576}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{DDC27C03-4221-4423-8E45-8B6746A4CC64}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C303B47A-9E80-45B5-B7B9-569E3A73728E}: NameServer = 213.136.96.8 213.136.96.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{23F2C9EF-C0F0-4FCD-B985-59A6FD37701B}: DhcpNameServer = 213.136.96.157 213.136.96.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{A23F5FF9-4DEB-41F5-A47F-3847CCEE744B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{AB8F0E93-72C2-4A83-9A82-879E77ACC576}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{DDC27C03-4221-4423-8E45-8B6746A4CC64}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.B0EC253506BEE5CC1B004CD0E7A698E9] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [135368] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{4D9B5284-8900-475D-B10B-7B86B10545C0}] (...) -- F:\Grand Thift Auto 7.exe (.not file.) [0]
[MD5.72A75B45601BC7FB2F00DD4C6633AA79] [APT] [{8251814A-89B3-4626-ACD7-64CD8ABA0F59}] (...) -- C:\Program Files\RocketDock\unins000.exe [689104]
[MD5.76DA2C7C124183ACF74251DB2A336A79] [APT] [{C6491233-73E3-4BE4-8577-4B39DC702A63}] (...) -- C:\Windows\Zuma's Revenge!\uninstall.exe [577024]
[MD5.00000000000000000000000000000000] [APT] [{EB5A972C-FA32-448B-A5CA-550718754E37}] (...) -- G:\supercopier-2-2-en-fr-win.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FF106DCF-48F5-4B7B-A960-CA1B95300E53}] (...) -- C:\Users\F Kouyate\Desktop\pateron kw\encarta 2009\encarta 2009\INSTALL.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1883403804-3169365285-2998731734-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1883403804-3169365285-2998731734-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RMAutoUpdate [298]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RMSchedule [300]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Softonic_France_FF Toolbar - (...) [HKLM] -- Softonic_France_FF Toolbar =>Adware.FFToolBar
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\PCTools]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\PCTools]
[HKLM\Software\Softonic_France_FF] =>Toolbar.Conduit
~ Key Software: 186 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2012 - 16:05:18 - [] ----D C:\Program Files\Ask.com
O43 - CFD: 30/03/2013 - 10:24:18 - [] ----D C:\Program Files\Softonic_France_FF =>Toolbar.Conduit
O43 - CFD: 23/10/2014 - 12:40:07 - [] ----D C:\ProgramData\APN
O43 - CFD: 11/03/2013 - 21:13:56 - [] ----D C:\ProgramData\Windows Update
O43 - CFD: 21/11/2010 - 00:47:05 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 23/10/2014 - 12:40:18 - [] ----D C:\Users\F Kouyate\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 23/10/2014 - 12:40:30 - [] ----D C:\Users\F Kouyate\AppData\Roaming\RHEng =>PUP.Conduit
~ 810 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1050 Legitimates Filtered in 00mn 15s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EFDEF61C488A193986D4672658E91532] - 29/04/2015 - 07:41:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144]
O44 - LFC:[MD5.5BC3300984CEB0CA82A5F6E53C902C51] - 29/04/2015 - 08:00:59 ---A- . (...) -- C:\Windows\Ulead32.ini [358]
~ Files: 21 Legitimates Filtered in 00mn 07s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{465e6216-33f9-11e2-adac-00266c646204}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{52964298-5a9a-11e4-84d3-00266c646204}\AutoRun\command. (...) -- H:\.\Setup.exe (.not file.)
O51 - MPSK:{67ac53f0-79e7-11e3-b543-00266c646204}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
O51 - MPSK:{6910af9d-5a42-11e4-84bc-00266c646204}\AutoRun\command. (...) -- G:\Setup.exe (.not file.)
O51 - MPSK:{78d47f02-f4dc-11e1-b7b0-00266c646204}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
O51 - MPSK:{800f2002-c70b-11e4-bcca-00266c646204}\AutoRun\command. (...) -- G:\.\Setup.exe (.not file.)
O51 - MPSK:{9a84a3ed-744b-11e3-b56e-00266c646204}\AutoRun\command. (...) -- G:\Setup.exe (.not file.)
O51 - MPSK:{a76cb2ef-7ea1-11e3-b529-00266c646204}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
O51 - MPSK:{f9f20bd5-c56e-11e2-b2bd-00266c646204}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:29/04/2015 - 07:41:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24144] =>.ALWIL Software
O58 - SDL:29/04/2015 - 07:41:37 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49904] =>.ALWIL Software
O58 - SDL:29/04/2015 - 07:41:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [209048] =>.ALWIL Software
O58 - SDL:14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 15:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 94 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 25/04/2015 - 08:35:17 ---A- . (.ClientConnect Ltd..) -- C:\Users\F Kouyate\AppData\Roaming\Mozilla\Firefox\Profiles\58xhohop.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\Plugins\npFirefoxPlugin.dll [216384] =>PUP.ClientConnect
O61 - LFC: 25/04/2015 - 08:35:17 ---A- . (.ClientConnect Ltd..) -- C:\Users\F Kouyate\AppData\Roaming\Mozilla\Firefox\Profiles\58xhohop.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ctypes\FirefoxCtype.dll [372000] =>PUP.ClientConnect
O61 - LFC: 25/04/2015 - 08:35:17 ---A- . (.ClientConnect Ltd..) -- C:\Users\F Kouyate\Application Data\Mozilla\Firefox\Profiles\58xhohop.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\Plugins\npFirefoxPlugin.dll [216384] =>PUP.ClientConnect
O61 - LFC: 25/04/2015 - 08:35:17 ---A- . (.ClientConnect Ltd..) -- C:\Users\F Kouyate\Application Data\Mozilla\Firefox\Profiles\58xhohop.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\ctypes\FirefoxCtype.dll [372000] =>PUP.ClientConnect
O61 - LFC: 27/04/2015 - 08:35:15 ---A- . (...) -- C:\Users\F Kouyate\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [634842]
~ 87 Fichiers temporaires (Temporary files)
~ 28 Fichiers cookies (Cookies files)
~ Files: 9 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 29/04/2015 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 29/04/2015 - C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(...) - LEGACY_ASWVMM
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) =>PUP.Torch
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [F Kouyate - 58xhohop.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: prefs.js [F Kouyate - 58xhohop.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {84CC2E91-0A2A-4993-9B33-0F5805464279} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (MyPlayCity Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {D72F436A-6922-44BD-B0FB-D8F8510F1ED8} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_be30.ico =>Toolbar.Ask
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 =>Toolbar.AskBar
HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS =>Toolbar.AskBar
~ BTK: 182 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{6D6B212B-2245-4898-8B16-9A11B81FF9E1}] (Softonic France FF Toolbar) =>Adware.FFToolBar
[HKCR\CLSID\{D1E9880F-1C43-4F71-B568-362A41D8AC2F}] (Softonic France FF Findbar) =>Toolbar.Conduit
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
~ BCK: 5629 Legitimates Filtered in 00mn 15s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 30/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 07/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/04/2011 152496 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 29/04/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/04/2014 346680 | (InternetEverywhere_Service) . (...) - C:\Program Files\InternetEverywhere\InternetEverywhere_Service.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 23/07/2012 793088 | (PCToolsSSDMonitorSvc) . (.PC Tools.) - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
SR - | Demand 05/02/2010 111960 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by F Kouyate at 29/04/2015 08:36:09
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (28/04/2015)
Clés trouvées (Keys found) : 70
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D6B212B-2245-4898-8B16-9A11B81FF9E1}] =>Adware.FFToolBar^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France_FF Toolbar] =>Adware.FFToolBar^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\Softonic_France_FF] =>Toolbar.Conduit
[HKLM\Software\Softonic_France_FF] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Classes\Toolbar.CT2207610] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Ask^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Program Files\Softonic_France_FF =>Toolbar.Conduit^
C:\Users\F Kouyate\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\F Kouyate\AppData\Roaming\RHEng =>PUP.Conduit^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Users\F Kouyate\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\F Kouyate\AppData\LocalLow\Softonic_France_FF =>Toolbar.Conduit
C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) =>PUP.Torch^
[HKCR\CLSID\{6D6B212B-2245-4898-8B16-9A11B81FF9E1}] (Softonic France FF Toolbar) =>Adware.FFToolBar^
[HKCR\CLSID\{D1E9880F-1C43-4F71-B568-362A41D8AC2F}] (Softonic France FF Findbar) =>Toolbar.Conduit^
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
~ Additionnel Scan: 230062 Items scanned in 00mn 32s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Adware.FFToolBar
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.ClientConnect
http://www.nicolascoolman.fr/blog/ =>PUP.Torch
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskTBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-whitesmoke =>PUP.Whitesmoke
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
http://www.nicolascoolman.fr/blog/ =>Adware.ShopperReports
http://www.nicolascoolman.fr/blog/ =>Adware.GameSpyArcade
~ MSI: 17 link(s) detected in 00mn 00s



~ 1649 Legitimates filtered by white list
End of the scan (615 lines in 02mn 43s)(0.2)

Publicité


Signaler le contenu de ce document

Publicité