cjoint


Document format: text/plain

~ Report of ZHPDiag v2015.4.1.34 - Nicolas Coolman (29.03.2015)
~ Launched by Ana (02.04.2015 13:04:04)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Web forum address : http://forum.nicolascoolman.fr
~ Translated by
~ Version State : Updated version.
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17690 (Defaut)
MFIE: Mozilla Firefox 35.0
GCIE: Google Chrome v41.0.2272.101

---\\ Windows product information
~ Langage: Anglais
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1 Pro, 32-bit (Build 9600)

---\\ System protection software
Windows Defender W8 (Deactivate)

---\\ System optimization software
CCleaner v5.01

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 16 NPAPI

---\\ Information on the system
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2940 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 85 GB (73%) free of 117 GB

---\\ Connection to the system mode
~ Computer Name: HOME
~ User Name: Ana
~ All Users Names: Gast, Ana, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ana\AppData\Roaming\
~ %Desktop% : C:\Users\Ana\Desktop\
~ %Favorites% : C:\Users\Ana\Favorites\
~ %LocalAppData% : C:\Users\Ana\AppData\Local\
~ %StartMenu% : C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 85 Go of 117 Go)
D: Hard drive, Flash drive, Thumb drive (Free 41 Go of 116 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.91E24273FCA076EA9E65DAFA98901225] - (.Microsoft Corporation - Windows-Explorer.) (.28.01.2015 - 00:41:17.) -- C:\Windows\Explorer.exe [2207488]
[MD5.02BC073156B3097E94D63C4D609020DD] - (.Microsoft Corporation - Windows-Startanwendung.) (.22.08.2013 - 03:49:55.) -- C:\Windows\System32\Wininit.exe [112640]
[MD5.EA6EA6912F27F05C61D8D747517EB47E] - (.Microsoft Corporation - Interneterweiterungen für Win32.) (.20.02.2015 - 02:01:25.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.70C57DC69D4A7D92D2CAC90C3AD16E6F] - (.Microsoft Corporation - Windows-Anmeldeanwendung.) (.24.09.2014 - 04:40:41.) -- C:\Windows\System32\Winlogon.exe [459264]
[MD5.BFB9E1202225113991F981D29BFB9029] - (.Microsoft Corporation - Softwarelizenzierungsbibliothek.) (.24.09.2014 - 04:40:41.) -- C:\Windows\System32\sppcomapi.dll [438272]
[MD5.D75FB05E8DBF21FA0EF313C7503243F1] - (.Microsoft Corporation - Treiber für zusätzliche WinSock-Funktionen.) (.24.09.2014 - 05:17:21.) -- C:\Windows\system32\Drivers\AFD.sys [461312]
[MD5.72FCAE2CE6DFEAB2AB072435017F3417] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22.08.2013 - 06:33:25.) -- C:\Windows\system32\Drivers\atapi.sys [23392]
[MD5.CE232BB0965C0C0B786C3F976CCBFB7D] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22.08.2013 - 05:11:55.) -- C:\Windows\system32\Drivers\Cdfs.sys [73728]
[MD5.E2FC132D48EA4E8B04432C33EFB77801] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22.08.2013 - 02:59:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [124928]
[MD5.55758EBBC45E1628161121D7CFEAD4A1] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.24.09.2014 - 04:54:46.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.7E0EDA9EE53E344D1604EB2A7E8DED47] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24.09.2014 - 04:45:32.) -- C:\Windows\system32\Drivers\HDAudBus.sys [69632]
[MD5.5043E69532392A43549E5D41E22638AA] - (.Microsoft Corporation - i8042-Anschlusstreiber.) (.22.08.2013 - 05:10:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [82944]
[MD5.FA6C94C754A566EA8A61D658932F32DE] - (.Microsoft Corporation - IP Network Address Translator.) (.24.09.2014 - 04:40:47.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.E11D4B798CF0FF9F739CD9BDC552FF08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.30.04.2014 - 06:29:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [333312]
[MD5.BC242922B0D08F61CF7C87FD08FAFA8B] - (.Microsoft Corporation - MBT Transport driver.) (.22.08.2013 - 05:08:26.) -- C:\Windows\system32\Drivers\netBT.sys [218624]
[MD5.CE53EAE5F11E8546058AF20C39E5F259] - (.Microsoft Corporation - NT-Dateisystemtreiber.) (.24.09.2014 - 04:45:32.) -- C:\Windows\system32\Drivers\ntfs.sys [1678656]
[MD5.4F30970F15ADCC382544B31D5D7E368E] - (.Microsoft Corporation - Treiber für parallelen Anschluss.) (.22.08.2013 - 05:11:49.) -- C:\Windows\system32\Drivers\Parport.sys [81408]
[MD5.C51AB62AB41A2E8560D12472B204CC00] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22.08.2013 - 05:07:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [81920]
[MD5.67E91843B0344411820A012063E876B2] - (.Microsoft Corporation - Geräte-Redirector für Microsoft RDP.) (.24.09.2014 - 04:18:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [143872]
[MD5.DB0C184142CF9FA1746F598A16EE92B2] - (.Microsoft Corporation - TDI Translation Driver.) (.22.08.2013 - 07:13:54.) -- C:\Windows\system32\Drivers\tdx.sys [87040]
[MD5.31A2AA48C1ECD390E2707E5C21B75DCE] - (.Microsoft Corporation - Volumeschattenkopie-Treiber.) (.24.09.2014 - 04:45:32.) -- C:\Windows\system32\Drivers\volsnap.sys [264512]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 1/14
~ Mon Bureau (My Desktop) : 1/228
~ Menu demarrer (Programs) : 1/66
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.2197DED64442B4B342971598208A7D1A] - (.Microsoft Corporation - Hostprozess für Windows-Aufgaben.) -- C:\WINDOWS\system32\taskhostex.exe [66624] [PID.424]
[MD5.F217EF2EA31D8F73504B1CD2F9787D9D] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [809288] [PID.1440]
[MD5.6076B562F7848DED4CDB128B485B6132] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8195072] [PID.1044]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folder
G2 - EXT: C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [__MSG_appName__]
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Ana - lksbrxr7.default\abs@avira.com] [] Segurança do navegador Avira v1.4.5 (..)
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Canon Easy-WebPrint EX - [HKLM]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX Media Server Launcher.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-762300394-599286918-2578638669-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F509D1AE-1E46-42A0-8105-8789013D053F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F509D1AE-1E46-42A0-8105-8789013D053F}: DhcpDomain = fritz.box
O17 - HKLM\System\CS1\Services\Tcpip\..\{F509D1AE-1E46-42A0-8105-8789013D053F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F509D1AE-1E46-42A0-8105-8789013D053F}: DhcpDomain = fritz.box
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-Anzeige.) -- C:\Windows\System32\mshtml.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [upfs7235] (...) -- C:\Program Files\Flwsrf\upfs7235.exe (.not file.) [0] =>Adware.Abengine
[MD5.00000000000000000000000000000000] [APT] [{650ECC50-48AC-4437-B6CC-C04104F8179E}] (...) -- C:\Users\Ana\AppData\Roaming\omiga-plus\UninstallMAnager.exe (.not file.) [0] =>Hijacker.OmigaPlus
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [884]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1112]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1116]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Corez]
[HKCU\Software\test]
[HKLM\Software\MaxPower]
[HKLM\Software\WordProser_1.10.0.6] =>PUP.WordProser
[HKLM\Software\bb45c7e9-73e0-e3ff-7bf9-e05a364e3036] =>PUP.CrossRider
~ Key Software: 135 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 24.09.2014 - 06:51:12 - [] ----D C:\Program Files\Embedded Lockdown Manager
O43 - CFD: 05.01.2015 - 16:01:36 - [] ----D C:\ProgramData\928458613
O43 - CFD: 05.01.2015 - 21:49:13 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 24.09.2014 - 06:51:12 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
O43 - CFD: 24.09.2014 - 05:18:53 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 11.01.2015 - 00:43:43 - [] -SH-D C:\Users\Ana\AppData\Local\EmieBrowserModeList
O43 - CFD: 08.01.2015 - 00:06:44 - [] -SH-D C:\Users\Ana\AppData\Local\Verlauf
~ Program Folder: 133 Legitimates Filtered in 00mn 00s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 01.04.2015 - 23:45:06 -SHA- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.27FC634040B604BDC1BEB58EB938CF5D] - 01.04.2015 - 23:52:57 ----- . (...) -- C:\Windows\DtcInstall.log [972]
O44 - LFC:[MD5.7B426B8E809EDF081D771EF429345528] - 02.04.2015 - 10:04:58 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
~ Files: 15 Legitimates Filtered in 00mn 02s



---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.29B6841FEBB6A28DD3945E0DD04F8778] - 01.03.2015 - 19:24:14 ---A- - C:\Windows\Prefetch\ASKINSTALLER.EXE-49FE6128.pf =>Toolbar.Ask
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:13.08.2013 - 00:25:32 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [16088]
O58 - SDL:21.06.2011 - 10:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:22.01.2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:22.01.2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]
O58 - SDL:22.08.2013 - 06:32:57 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26976]
O58 - SDL:01.11.2013 - 05:02:06 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [27024]
~ Drivers: 38 Legitimates Filtered in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 02.04.2015 - 13:04:26 ---A- . (...) -- C:\Users\Ana\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 02.04.2015 - 13:04:26 ---A- . (...) -- C:\Users\Ana\AppData\Local\Microsoft\Windows\INetCache\IE\TNN57PAA\urlblockindex[1].bin [16]
O61 - LFC: 26.03.2015 - 13:04:26 ---A- . (.Google.) -- C:\Users\Ana\AppData\Local\Google\Chrome\User Data\SwReporter\2.16.3\software_reporter_tool.exe [560456]
~ 608 Fichiers temporaires (Temporary files)
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Random Export Key (REK) (O91)
[HKLM\Software\bb45c7e9-73e0-e3ff-7bf9-e05a364e3036] => Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04.02.2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05.01.2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05.01.2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12.01.2015 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 02.01.2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 28.03.2012 140456 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 04.02.2015 22200 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe
SR - | Demand 22.08.2013 31552 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Ana at 02.04.2015 13:05:03
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll storahci.sys
1 nt!IofCallDriver[0x81ADD4BC] >> \Device\Harddisk0\DR0[0x891F9030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ana at 02.04.2015 13:05:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (29.03.2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\WordProser_1.10.0.6] =>PUP.WordProser^
[HKLM\Software\bb45c7e9-73e0-e3ff-7bf9-e05a364e3036] =>PUP.CrossRider^
~ Additionnel Scan: 183274 Items scanned in 00mn 20s



---\\ Additional information about modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Start,Search,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Auto loading programs from Registry and folders (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of the detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Adware.Abengine
http://nicolascoolman.fr/hijacker-omigaplus =>Hijacker.OmigaPlus
http://www.nicolascoolman.fr/blog/ =>PUP.WordProser
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
Clé orpheline => Clé orpheline => Clé orpheline => Clé orpheline
~ MSI: 6 link(s) detected in 00mn 00s



~ 524 Legitimates filtered by white list
End of the scan (366 lines in 01mn 23s)(0.6)
