cjoint


~ ZHPDiag report v2015.4.17.39 - Nicolas Coolman (17/04/2015)
~ Run by EthnoRado (21/04/2015 11:43:31)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address: http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: New version available
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17691
MFIE: Mozilla Firefox 37.0.1 (Default)

---\\ Windows product information
~ Language: French
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ System protection software
McAfee Internet Security Suite v13.6.1529
Windows Defender W7 (Deactivated)

---\\ System optimization software
CCleaner v4.19

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 17 NPAPI
Adobe Reader 9.1 MUI

---\\ System information
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Safe Mode with Networking
Total RAM: 3066 MB (73% free)
System Restore: Enabled
System drive C: has 139 GB (30%) free of 452 GB

---\\ System logon mode
~ Computer Name: ETHNORADO-PC
~ User Name: EthnoRado
~ All Users Names: HomeGroupUser$, EthnoRado, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\EthnoRado\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\EthnoRado\AppData\Roaming\
~ %Desktop% : C:\Users\EthnoRado\Desktop\
~ %Favorites% : C:\Users\EthnoRado\Favorites\
~ %LocalAppData% : C:\Users\EthnoRado\AppData\Local\
~ %StartMenu% : C:\Users\EthnoRado\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 139 GB of 452 GB)
D: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Targeted search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.36F99BD8A0F09BDBB7850A138845A014] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/02/2015 - 02:28:25.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/59
~ My Music: 1/645
~ My Videos: 1/8
~ My Favorites: 1/31
~ My Documents: 1/1335
~ My Desktop: 1/10881
~ Start Menu (Programs): 1/39
~ Hidden Files: Scanned in 00mn 14s



---\\ Running processes
[MD5.BB69268B5F4277A1CFC36A237E27FD87] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.1648]
[MD5.62A3B7A12578B3B595253342B982BDA7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8198144] [PID.2300]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\EthnoRado\AppData\Roaming\Mozilla\Firefox\Profiles\n4xcwlqp.default\prefs.js
C:\Users\EthnoRado\AppData\Roaming\Mozilla\Firefox\Profiles\n4xcwlqp.default\user.js
M3 - MFPP: Plugins - [EthnoRado] -- C:\Users\EthnoRado\AppData\Roaming\Mozilla\Firefox\Profiles\n4xcwlqp.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [EthnoRado] -- C:\Users\EthnoRado\AppData\Roaming\Mozilla\Firefox\Profiles\n4xcwlqp.default\searchplugins\Binkiland.xml =>PUP.Binkiland
M2 - MFEP: prefs.js [EthnoRado - n4xcwlqp.default\battlefieldplay4free@ea.com] [] Battlefield Play4Free v1.0.96.0 (..)
M2 - MFEP: Extension [EthnoRado - n4xcwlqp.default] {f318d533-127c-4630-af87-2d2b706e5282}.xpi
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (23)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- C:\Program Files\mcafee\msk\mskapbho.dll
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: SupraSavings [64Bits] - {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} . (...) -- C:\Program Files\88B73655-05CA-442E-8ABF-97FD96D79AC9\xkymsyyrfh.dll =>PUP.SupraSavings
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [EthnoRado]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [EthnoRado]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\EthnoRado\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [EthnoRado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\SystemTools [EthnoRado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [EthnoRado]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\EthnoRado\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 6 Legitimates Filtered in 00mn 04s
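The O4 - GS entries above are the part of this hijack that survives a homepage reset: each shortcut still targets the real browser, but carries http://start.qone8.com as a command-line argument, so every launch from the Public Programs folder, Quick Launch, the desktop or SystemTools reopens the hijacker's page. The Python below is an added example for this page, not ZHPDiag code and not the report author's: it parses the Shell Link (.lnk) layout documented in [MS-SHLLINK] (76-byte header, LinkTargetIDList and LinkInfo skipped rather than decoded, then the StringData fields) and flags browser shortcuts whose COMMAND_LINE_ARGUMENTS contains a URL. The browser list, the choice to read the target from the RELATIVE_PATH string only, and the sample .lnk bytes are this example's own assumptions; the samples are constructed inside the script, not taken from the machine in the report.

```python
"""Flag browser shortcuts hijacked the way the O4 - GS lines above show.
Added example, not ZHPDiag code. Parses the Shell Link (.lnk) layout from
[MS-SHLLINK]: 76-byte header, LinkTargetIDList and LinkInfo skipped (not
decoded), then the StringData fields. The target is read from RELATIVE_PATH
only; the sample .lnk bytes are constructed here, not taken from the machine."""
import re
import struct

# LinkFlags bits ([MS-SHLLINK] 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))  # StringData order in the file
BROWSERS = ("firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe")  # assumed list
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def build_lnk(relative_path, arguments="", working_dir=None):
    """Build a minimal Unicode .lnk (no IDList, no LinkInfo) for the samples."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH
    if working_dir is not None:
        flags |= HAS_WORKING_DIR
    if arguments:
        flags |= HAS_ARGUMENTS
    # HeaderSize, CLSID, LinkFlags, FileAttributes, three timestamps, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1..3: 76 bytes
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def string_data(s):  # CountCharacters (uint16) + UTF-16LE chars, no terminator
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = string_data(relative_path)
    if working_dir is not None:
        body += string_data(working_dir)
    if arguments:
        body += string_data(arguments)
    return header + body


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict."""
    if len(data) < HEADER_SIZE or data[:4] != b"L\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (uint16) then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def shortcut_hijack(fields):
    """Return the URL a browser shortcut passes on its command line, else None."""
    target = fields.get("relative_path", "").lower()
    if not target.endswith(BROWSERS):
        return None
    m = URL_RE.search(fields.get("arguments", ""))
    return m.group(0) if m else None


# Constructed samples modelled on the O4 - GS entries in the report.
SAMPLES = {
    "Mozilla Firefox.lnk": build_lnk(
        r"..\..\Program Files (x86)\Mozilla Firefox\firefox.exe", "http://start.qone8.com"),
    "Launch Internet Explorer Browser.lnk": build_lnk(
        r"..\Internet Explorer\iexplore.exe", "http://start.qone8.com",
        working_dir=r"C:\Program Files (x86)\Internet Explorer"),
    "Firefox (clean).lnk": build_lnk(r"..\..\Program Files (x86)\Mozilla Firefox\firefox.exe"),
}


def scan(samples):
    """Map shortcut name -> injected URL for every hijacked shortcut."""
    hits = {}
    for name, blob in samples.items():
        url = shortcut_hijack(parse_lnk(blob))
        if url:
            hits[name] = url
    return hits


if __name__ == "__main__":
    for name, url in scan(SAMPLES).items():
        print(f"{name}: every launch opens {url}")
```

On a real machine, read the .lnk files from the folders ZHPDiag printed (the Public Programs folder, the user's Quick Launch, Desktop and SystemTools) and pass their bytes to parse_lnk instead of SAMPLES. A shortcut that stores its target only in the IDList or LinkInfo has no relative_path here and is reported as clean; that is the parser's blind spot, not evidence that the shortcut is clean.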



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files (x86)\Supercopier\supercopier.exe
O4 - HKCU\..\RunOnce: [Binkiland] . (...) -- C:\Users\EthnoRado\AppData\Roaming\Binkiland\UpdateProc\bkup.dat =>PUP.Binkiland
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [Binkiland] . (...) -- C:\Users\EthnoRado\AppData\Roaming\Binkiland\UpdateProc\bkup.dat =>PUP.Binkiland
O4 - HKLM\..\Wow6432Node\RunOnce: [Litireg] . (...) -- C:\Users\EthnoRado\AppData\Local\41b7ab147d752b68\Neto.dat
O4 - HKUS\.DEFAULT\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-18\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-952171041-2760316883-3006842960-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-952171041-2760316883-3006842960-1001\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files (x86)\Supercopier\supercopier.exe
O4 - HKUS\S-1-5-21-952171041-2760316883-3006842960-1001\..\RunOnce: [Binkiland] . (...) -- C:\Users\EthnoRado\AppData\Roaming\Binkiland\UpdateProc\bkup.dat =>PUP.Binkiland
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{81FD30BC-636C-477C-9E95-818B16409349}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{81FD30BC-636C-477C-9E95-818B16409349}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{81FD30BC-636C-477C-9E95-818B16409349}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{49DC6264-F558-4018-9B0F-B00DAE8AE093}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: CouponarificService64 (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe =>PUP.CouponArific
O23 - Service: nuttkoqiez64 (nuttkoqiez64) . (...) - C:\Program Files\003\nuttkoqiez64.exe =>Adware.AdPeak
O23 - Service: SupraSavingsService64 (SupraSavingsService64) . (...) - C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9\SupraSavingsService64.exe =>PUP.SupraSavings
~ Services: 25 Legitimates Filtered in 00mn 05s



---\\ Automatic scheduled tasks (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\Binkiland.job [306] =>Hijacker.iHaveNet
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Binkiland [306] =>PUP.Binkiland
O39 - APT: - (..) -- C:\Windows\Tasks\DriverToolkit Autorun.job [366] =>PUP.DriverToolkit
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [366] =>PUP.DriverToolkit
~ Scheduled Task: 3 Legitimates Filtered in 00mn 00s



---\\ Drivers loaded at system startup (O41)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: Supra Savings - (.SupraSavings.) [HKLM][64Bits] -- Supra Savings =>PUP.SupraSavings
O42 - Software: WSE_Binkiland - (.WSE_Binkiland.) [HKLM][64Bits] -- WSE_Binkiland =>PUP.Binkiland
~ Logic: 28 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1ClickDownload]
[HKCU\Software\Binkiland Browser] =>PUP.Binkiland
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\wse_binkiland] =>PUP.Binkiland
[HKLM\Software\0892CCEA-3029-46F2-BD98-F3177431F5F8] =>PUP.CrossRider
[HKLM\Software\88B73655-05CA-442E-8ABF-97FD96D79AC9] =>PUP.CrossRider
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly
[HKLM\Software\Wow6432Node\StrongSignal] =>PUP.StrongSignal
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\couponarific] =>PUP.CouponArific
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\couponarific] =>PUP.CouponArific
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 289 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 02/12/2014 - 00:04:09 - [] ----D C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8
O43 - CFD: 18/03/2015 - 02:15:29 - [] ----D C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9
O43 - CFD: 28/04/2014 - 09:17:07 - [] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 14/02/2015 - 19:50:28 - [] ----D C:\Program Files (x86)\WSE_Binkiland =>PUP.Binkiland
O43 - CFD: 12/04/2014 - 14:22:43 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 12/04/2014 - 14:22:43 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 12/04/2014 - 14:22:43 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 28/04/2014 - 09:17:19 - [] ----D C:\ProgramData\IePluginService =>PUP.IePluginService
O43 - CFD: 29/04/2014 - 10:12:52 - [] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 14/02/2015 - 19:50:06 - [] ----D C:\ProgramData\{5481BC42-0403-6DC4-B585-1D466507CEC8}
O43 - CFD: 14/07/2009 - 09:44:38 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 14/02/2015 - 19:50:34 - [] ----D C:\Users\EthnoRado\AppData\Roaming\Binkiland =>PUP.Binkiland
O43 - CFD: 28/04/2014 - 09:16:59 - [] ----D C:\Users\EthnoRado\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 01/04/2015 - 00:50:07 - [] --H-D C:\Users\EthnoRado\AppData\Local\41b7ab147d752b68
~ Program Folder: 228 Legitimates Filtered in 00mn 03s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.FC2C65FD2524219A4D46972B53C207B8] - 21/04/2015 - 10:21:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.FC2C65FD2524219A4D46972B53C207B8] - 21/04/2015 - 10:21:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.5D379475C547993FAF579AB135AD0553] - 21/04/2015 - 10:37:54 ---A- . (...) -- C:\Windows\ntbtlog.txt [65410]
~ Files: 12 Legitimates Filtered in 00mn 14s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s
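The O50 block above is the one section of this report that needs a mechanism explained rather than a file deleted. A Debugger value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image> makes CreateProcess start that "debugger" in place of <image>, with the original command line appended; tasklist.exe just lists processes and exits, so the named program never runs and nothing on disk is touched. Adware installers use this to knock out competing families (Delta, Conduit, SweetIM, Babylon, Vonteera all appear above), and the machine's own BitGuard and BrowserProtect components (see the O43 folders) are in the list too. Entries with no =>tag are redirections the tool has no signature for, which is exactly why they deserve a look. The Python below is an added example for this page, not ZHPDiag's code: it triages a ZHPDiag report offline, keeping every tagged line, every O50 redirection whether tagged or not, and untagged autostart entries whose path looks machine-generated (the Litireg RunOnce under a 16-hex-digit folder in the O4 section above), groups the findings by family, and expands each O50 line into the registry value it stands for. The SAMPLE lines are excerpted from this report; the regexes, the random-name heuristic and the finding field names are the example's own assumptions.

```python
"""Triage a ZHPDiag report offline: keep tagged lines (=>PUP.*, =>Hijacker.*,
=>Adware.* ...), every O50 IFEO redirection even when untagged, and untagged
autostart entries whose path looks machine-generated; group findings by
family; expand O50 lines into the registry values they stand for. Added
example for this page, not ZHPDiag code. SAMPLE is excerpted from the report
above; the regexes and the random-name heuristic are assumptions."""
import re
from collections import defaultdict

SAMPLE = r"""
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O4 - HKLM\..\Wow6432Node\RunOnce: [Binkiland] . (...) -- C:\Users\EthnoRado\AppData\Roaming\Binkiland\UpdateProc\bkup.dat =>PUP.Binkiland
O4 - HKLM\..\Wow6432Node\RunOnce: [Litireg] . (...) -- C:\Users\EthnoRado\AppData\Local\41b7ab147d752b68\Neto.dat
O23 - Service: SupraSavingsService64 (SupraSavingsService64) . (...) - C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9\SupraSavingsService64.exe =>PUP.SupraSavings
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Binkiland [306] =>PUP.Binkiland
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (Binkiland) - http://binkiland.com =>PUP.Binkiland
"""

# "=>Kind.Family" at end of line; vendor whitelist marks like "=>.Microsoft Corporation" do not match
TAG_RE = re.compile(r"\s=>(?P<kind>[A-Za-z0-9]+)\.(?P<family>[A-Za-z0-9_]+)\s*$")
# the "-- C:\..." or "- C:\..." image path, minus a trailing "[size]" and tag
PATH_RE = re.compile(r"\s-+\s+(?P<path>[A-Za-z]:\\.*?)(?:\s+\[\d+\])?(?:\s+=>\S+)?\s*$")
IFEO_RE = re.compile(r"^O50 - IFEO:Image File Execution Options - (?P<image>.+?) - (?P<debugger>\S+)")
# GUID- or 16-hex-digit-named folders and .dat autostart images: names installers generate per machine
RANDOM_NAME_RE = re.compile(
    r"\\(?:[0-9a-f]{16}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\\|\.dat$",
    re.IGNORECASE)
IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"


def parse_report(text):
    """Return one finding dict per line worth a second look."""
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        section = raw.split(" ", 1)[0]  # R1, O2, O4, O23, O39, O50, O69 ...
        tag = TAG_RE.search(raw)
        pathm = PATH_RE.search(raw)
        path = pathm.group("path") if pathm else None
        if tag:
            kind, family = tag.group("kind"), tag.group("family")
        elif IFEO_RE.match(raw):
            kind, family = "Untagged", "IFEO"  # redirection with no signature yet
        elif path and RANDOM_NAME_RE.search(path):
            kind, family = "Heuristic", "RandomName"
        else:
            continue  # untagged and unremarkable: leave it to the human reader
        findings.append({"section": section, "kind": kind, "family": family,
                         "path": path, "raw": raw})
    return findings


def by_family(findings):
    """Group section codes by family: one family maps to every autostart it uses."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["family"]].append(f["section"])
    return dict(groups)


def ifeo_registry_values(findings):
    """Expand O50 lines into the IFEO\\<image>\\Debugger value each one describes.

    When <image> is started, CreateProcess launches the Debugger value instead,
    with the original command line appended. tasklist.exe lists processes and
    exits, so <image> never runs: the entry neutralises a program without
    touching its files.
    """
    values = {}
    for f in findings:
        m = IFEO_RE.match(f["raw"])
        if m:
            image = m.group("image")
            values[image] = (IFEO_KEY + "\\" + image + "\\Debugger", m.group("debugger"))
    return values


if __name__ == "__main__":
    findings = parse_report(SAMPLE)
    for family, sections in sorted(by_family(findings).items()):
        print(f"{family:<14} {' '.join(sections)}")
    for image, (value, debugger) in ifeo_registry_values(findings).items():
        print(f"{value} = {debugger}   ({image} can no longer start)")
```

Run it on the whole saved ZHPDiag.txt (pass the file contents to parse_report) to get one family-to-section map for the machine; each family in this report (Binkiland, Qone8, SupraSavings, CouponArific) is spread across several sections, and that section list is what a cleanup has to cover. The expanded O50 values are what to inspect under the IFEO key before deleting them: an entry that redirects one of the PUP binaries still on this machine is doing useful work until those binaries are gone.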



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{c104384e-b57f-11e3-98d9-1c7508440d29}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:05/03/2014 - 16:49:38 ---A- . (.© Guillemot R&D, 2014. All rights reserved. - DJ Series ASIO kernel driver.) -- C:\Windows\System32\Drivers\HDJAsioK.sys [323376]
O58 - SDL:05/03/2014 - 16:49:36 ---A- . (.© Guillemot R&D, 2014. All rights reserved. - DJ Series Bulk driver.) -- C:\Windows\System32\Drivers\HDJBulk.sys [296240]
O58 - SDL:05/03/2014 - 16:49:36 ---A- . (.© Guillemot R&D, 2014. All rights reserved. - Hercules DJ Control MP3 Filter Driver.) -- C:\Windows\System32\Drivers\HDJCtrl.sys [38704]
O58 - SDL:05/03/2014 - 16:49:34 ---A- . (.© Guillemot R&D, 2014. All rights reserved. - DJ Series MIDI kernel driver.) -- C:\Windows\System32\Drivers\HDJMidi.sys [276272]
O58 - SDL:19/11/2014 - 16:38:44 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [41168]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:18/03/2013 - 15:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 77 Legitimates Filtered in 00mn 08s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Legacy services listed in the registry (LALS) (O64)
O64 - Services: CurCS - 19/11/2014 - C:\Windows\System32\drivers\netfilter64.sys (netfilter64) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER64
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infections in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} - (qone8) - http://www.qone8.com =>Hijacker.Qone8
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (Binkiland) - http://binkiland.com =>PUP.Binkiland
~ Keys: Scanned in 00mn 00s



---\\ Targeted search at the system root (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][03/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
[MD5.92CEA311D5C052B1583E89E86333E6AA] [SPRF][14/01/2015] (...) -- C:\ProgramData\yjCf5X.dat [112]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{578E99F9-A7E5-40C9-A26D-C43E0C3C4CCA}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\EthnoRado\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{86B5ADC9-FC7E-4801-875C-9BD496DF4919}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\EthnoRado\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
~ BTK: 132 Legitimates Filtered in 00mn 00s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/11/2014 244736 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 20/11/2014 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
SS - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 19/11/2014 186368 | (CouponarificService64) . (...) - C:\Program Files (x86)\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv64.exe =>PUP.CouponArific
SS - | Auto 10/08/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS - | Auto 11/06/2010 868896 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SS - | Demand 23/03/2014 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SS - | Demand 12/08/2014 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 31/10/2014 335064 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Disabled 22/07/1658 705136 | (IePluginService) . (...) - C:\ProgramData\IePluginService\PluginService.exe =>PUP.IePluginService
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 21/11/2014 422632 | (mccspsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
SS - | Auto 31/10/2014 335064 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Demand 07/01/2015 601864 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 10/03/2010 355440 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Auto 31/10/2014 335064 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Demand 07/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 31/10/2014 335064 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Demand 27/05/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SS - | Auto 02/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SS - | Auto 29/06/2010 255744 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SS - | Auto 28/04/2014 706560 | (nuttkoqiez64) . (...) - C:\Program Files\003\nuttkoqiez64.exe =>Adware.AdPeak
SS - | Auto 01/07/2014 172544 | (SupraSavingsService64) . (...) - C:\Program Files (x86)\88B73655-05CA-442E-8ABF-97FD96D79AC9\SupraSavingsService64.exe =>PUP.SupraSavings
SS - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/01/2015 562200 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 31/10/2014 335064 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 31/10/2014 335064 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 14/04/2011 200056 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 06/11/2014 1050952 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 01/10/2014 221832 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 01/10/2014 189920 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
~ Services: Scanned in 00mn 17s



---\\ Additional Scan (O88)
Database Version : 13008 - (17/04/2015)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 20

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA3EAE2B-3B20-2E6F-A849-C126D93B6AD3}] =>PUP.SupraSavings^
[HKLM\SYSTEM\CurrentControlSet\Services\CouponarificService64] =>PUP.CouponArific^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez64] =>Adware.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\SupraSavingsService64] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Binkiland] =>PUP.Binkiland^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Binkiland =>PUP.Binkiland^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Binkiland =>PUP.Binkiland^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\Program Files (x86)\WSE_Binkiland =>PUP.Binkiland^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\ProgramData\IePluginService =>PUP.IePluginService^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\EthnoRado\AppData\Roaming\Binkiland =>PUP.Binkiland^
C:\Users\EthnoRado\AppData\Roaming\SupTab =>PUP.SupTab^
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\Windows\Tasks\Binkiland.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\Binkiland =>PUP.Binkiland^
C:\Windows\Tasks\DriverToolkit Autorun.job =>PUP.DriverToolkit^
C:\Windows\System32\Tasks\DriverToolkit Autorun =>PUP.DriverToolkit^
[HKCU\Software\Binkiland Browser] =>PUP.Binkiland^
[HKCU\Software\wse_binkiland] =>PUP.Binkiland^
[HKLM\Software\0892CCEA-3029-46F2-BD98-F3177431F5F8] =>PUP.CrossRider^
[HKLM\Software\88B73655-05CA-442E-8ABF-97FD96D79AC9] =>PUP.CrossRider^
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\SupraSavings ] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\Wow6432Node\StrongSignal] =>PUP.StrongSignal^
[HKLM\Software\Wow6432Node\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\couponarific] =>PUP.CouponArific^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
[HKLM\Software\couponarific] =>PUP.CouponArific^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
~ Additionnel Scan: 275755 Items scanned in 00mn 37s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>PUP.Binkiland
http://nicolascoolman.fr/hijacker-qone8 =>Hijacker.Qone8
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings
http://www.nicolascoolman.fr/blog/ =>PUP.CouponArific
http://nicolascoolman.fr/26601441-adware-adpeak =>Adware.AdPeak
http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
http://www.nicolascoolman.fr/blog/ =>PUP.DriverToolkit
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.CouponDownloader
http://www.nicolascoolman.fr/blog/ =>PUP.LevelQualityWatcher
http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
http://www.nicolascoolman.fr/blog/ =>PUP.StrongSignal
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://www.nicolascoolman.fr/blog/ =>PUP.IePluginService
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer
http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-1clickdownloader =>PUP.1ClickDownloader
~ MSI: 36 link(s) detected in 00mn 00s



~ 851 Legitimates filtered by white list
End of the scan (599 lines in 02mn 09s)(0.6)