
~ ZHPDiag report v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Run by SALS (26/05/2015 11:07:20)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: New version available
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518 (Default)
GCIE: Google Chrome v43.0.2357.81

---\\ Windows product information
~ Language: French
Windows 8.1 Pro, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 9D6T9
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
AVG 2015 v15.0.4354
Windows Defender W8 (Deactivated)

---\\ System optimization software
CCleaner v5.0

---\\ Peer-to-peer sharing software

---\\ Software monitoring

---\\ System information
~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4086 MB (35% free)
System Restore: Enabled
System drive C: has 42 GB (53%) free of 78 GB

---\\ System logon mode
~ Computer Name: LEDIOCONDOR
~ User Name: SALS
~ All Users Names: SALS, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\SALS\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\SALS\AppData\Roaming\
~ %Desktop% : C:\Users\SALS\Desktop\
~ %Favorites% : C:\Users\SALS\Favorites\
~ %LocalAppData% : C:\Users\SALS\AppData\Local\
~ %StartMenu% : C:\Users\SALS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 42 GB of 78 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 38 GB of 70 GB)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.22/10/2013 - 07:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 09:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 09:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 09:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 08:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 12:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 11:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 08:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 11:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 11:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 11:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 12:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 07:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 11:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.725EF69B2DBEB7B33280019A556201BC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/03/2014 - 10:35:58.) -- C:\Windows\system32\Drivers\ntfs.sys [2008408]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 11:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 11:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 - 04:02:45.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 16:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 1/11
~ My Videos : 1/2
~ My Favorites : 1/10
~ My Documents : 1/22
~ My Desktop : 1/32
~ Start Menu (Programs) : 1/74
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.3DB6B5FCBF08382397564F2445C8274B] - (.IObit - Performance Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\Monitor.exe [1757472] [PID.3704]
[MD5.1F5EF56125100935CF715A6C89BD4F51] - (.IObit - No description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [2186528] [PID.3928]
[MD5.11B8EEDE0FD07D94B9DA4F6ADCA6B808] - (.Innovative Solutions - Daily Health Check.) -- C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [7786912] [PID.3376]
[MD5.606F08CEF10DBBF70057C8EEB28486F7] - (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe [2308872] [PID.4376]
[MD5.F5A0554F655C566EB946841E6E7AE061] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280] [PID.4512]
[MD5.39DCA7506C56288DFA6CC243A0802A2D] - (...) -- C:\Users\SALS\AppData\Roaming\cacaoweb\cacaoweb.exe [504112] [PID.4580] =>PUP.CacaoWeb
[MD5.CE4D7AAD4352D9B3618473612DC700FF] - (.IObit - Advanced SystemCare Ultimate Tray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe [2596128] [PID.4632]
[MD5.C32B4233767C2E854E8BEBB614A52DBC] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3587664] [PID.4852]
[MD5.A1D2D4B24D82CBB5F089D8697DF6E07D] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744] [PID.4968]
[MD5.5110C1C1FB6F35490D04A01E29F07959] - (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [307200] [PID.4980]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.5016]
[MD5.3CE9FEB384F42AE9A484347B6AFFE93F] - (.Spigot, Inc. - Search Settings.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1445360] [PID.5024] =>PUP.Dealio
[MD5.64093FC9034F0679D5E1F3875856FA7A] - (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112] [PID.4384]
[MD5.E1D499C501DC2E1F8B451F1A43BFABED] - (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\SysWOW64\msiexec.exe [55808] [PID.4152]
[MD5.91E41689E06FF48B029E877E2AD0E638] - (.AVG Secure Search - avgcefrend.) -- C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe [1402392] [PID.5652] =>Toolbar.AVGSearch
[MD5.25B52A50FAB4B52B3F4F2A48AE75E5F7] - (.Torch Media Inc. - Torch.) -- C:\Users\SALS\AppData\Local\Torch\Application\torch.exe [844296] [PID.6124]
[MD5.EBD6007C6DC27FB3CB063F3931752F6C] - (.Torch Media Inc. - Torch Update Module.) -- C:\Users\SALS\AppData\Local\Torch\Update\39.0.0.9626\TorchUpdate.exe [1122816] [PID.3600]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.7192]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\SALS\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folders
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Search
R3 - URLSearchHook: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (11, 3, 0, 1) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\11.3\iobitappsToolbarIE.dll =>PUP.Dealio
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: IObit Apps Toolbar [64Bits] - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\11.3\iobitappsToolbarIE.dll =>PUP.Dealio
O2 - BHO: PasswordBox Helper [64Bits] - {5DB69B97-934B-451D-94DB-32EF802A01CD} . (.PasswordBox, Inc. - Password Manager.) -- C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O2 - BHO: AVG Web TuneUp [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG - AVG Web TuneUp.dll.) -- C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
O2 - BHO: Ads Removal [64Bits] - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} . (.Adblock - Helps you remove browser ads!.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
~ BHO: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: IObit Apps Toolbar - [HKLM]{03EB0E9C-7A91-4381-A220-9B52B641CDB1} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) -- C:\Program Files (x86)\IObit Apps Toolbar\IE\11.3\iobitappsToolbarIE64.dll =>PUP.Dealio
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [mylbx] . (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\SALS\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Advanced SystemCare Ultimate] . (.IObit - Advanced SystemCare Ultimate Tray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [SearchSettings] . (.Spigot, Inc. - Search Settings.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe =>PUP.Dealio
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.No owner - VProtect Application.) -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [cacaoweb] . (...) -- C:\Users\SALS\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [Advanced SystemCare Ultimate] . (.IObit - Advanced SystemCare Ultimate Tray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2296688778-3092985683-382991106-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2772F0FD-48EC-498B-B1B7-C16A98F0716A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2772F0FD-48EC-498B-B1B7-C16A98F0716A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Application Updater (Application Updater) . (.Spigot, Inc. - Application Updater.) - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe =>PUP.Dealio
O23 - Service: PasswordBox (PasswordBox) . (.PasswordBox, Inc. - PasswordBox Service.) - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) . (.TorchMedia Inc. - TorchCrashHandler.) - C:\Users\SALS\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: (vToolbarUpdater18.4.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: WtuSystemSupport (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
~ Services: 17 Legitimates Filtered in 00mn 32s



---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [AutoPico Daily Restart] (...) -- C:\Program Files\KMSpico\AutoPico.exe (.not file.) [0] =>PUP.KMSpico
O39 - APT: - (..) -- C:\Windows\Tasks\ASCU8_SkipUac_SALS.job [282]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ASCU8_SkipUac_SALS [282]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1096]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1100]
O39 - APT: - (..) -- C:\Windows\Tasks\Health-Check-auto.job [364]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Health-Check-auto [364]
O39 - APT: - (..) -- C:\Windows\Tasks\Health-Check.job [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Health-Check [358]
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_SALS.job [300]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_SALS [300]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 05s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) - C:\Windows\sysWOW64\drivers\HWiNFO64A.sys
~ Drivers: 44 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: KMSpico v9.0.5.20131112 - (...) [HKLM][64Bits] -- KMSpico_is1 =>PUP.KMSpico
O42 - Software: My Lockbox 3.2 - (...) [HKLM][64Bits] -- My Lockbox_is1
O42 - Software: PasswordBox - (.PasswordBox, Inc..) [HKLM][64Bits] -- PasswordBox
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Search Settings] =>Adware.SearchSettings
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\Search Settings] =>Adware.SearchSettings
~ Key Software: 241 Legitimates Filtered in 00mn 00s



---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 21/05/2015 - 02:54:37 - [] ----D C:\Program Files (x86)\PasswordBox
O43 - CFD: 21/05/2015 - 09:17:32 - [] ----D C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio
O43 - CFD: 26/05/2015 - 01:13:08 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 26/05/2015 - 08:56:12 - [] ----D C:\ProgramData\TorchCrashHandler
O43 - CFD: 21/05/2015 - 10:08:38 - [] ----D C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
O43 - CFD: 18/05/2015 - 23:29:32 - [0] ----D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
O43 - CFD: 21/05/2015 - 10:08:41 - [] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 22/05/2015 - 14:57:10 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 9.2
O43 - CFD: 21/05/2015 - 08:47:56 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
O43 - CFD: 22/05/2015 - 08:33:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
O43 - CFD: 20/05/2015 - 22:23:25 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico
O43 - CFD: 30/09/2013 - 04:03:03 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 26/05/2015 - 10:50:45 - [] ----D C:\Users\SALS\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 21/05/2015 - 09:21:51 - [] ----D C:\Users\SALS\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 21/05/2015 - 09:42:55 - [] ----D C:\Users\SALS\AppData\Roaming\ProductData
O43 - CFD: 21/05/2015 - 08:04:41 - [] ----D C:\Users\SALS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox
~ Program Folder: 170 Legitimates Filtered in 00mn 00s



---\\ Recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4953BDE5420DDC78F4241761ACA45300] - 20/05/2015 - 07:41:32 ---A- . (...) -- C:\.rnd [1024]
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 20/05/2015 - 22:10:11 ---A- . (...) -- C:\Windows\win.ini [167]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/05/2015 - 22:35:08 ---A- . (...) -- C:\Recovery.txt [0]
O44 - LFC:[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - 22/05/2015 - 08:56:49 ---A- . (...) -- C:\Windows\System32\AcpiServiceVnA64.dll [109848]
O44 - LFC:[MD5.8113D6E1884940FC3F9DED886B364A1E] - 22/05/2015 - 08:56:49 ---A- . (...) -- C:\Windows\System32\audioLibVc.dll [96568]
O44 - LFC:[MD5.B9178219A1B69431A12ED114B409E8C9] - 22/05/2015 - 08:56:52 ---A- . (.ICEpower a/s - ICEpower ICEsound audio effects.) -- C:\Windows\System32\ICEsoundAPO64.dll [328816]
O44 - LFC:[MD5.A54940F72EA866484984D2EA8FF4CC7D] - 22/05/2015 - 08:56:57 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [2014958]
O44 - LFC:[MD5.7D7FBC9504575D97885A858EA93684F5] - 22/05/2015 - 08:56:59 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat [5804772]
O44 - LFC:[MD5.A6FD59F334514F0D96070578E4C451E1] - 22/05/2015 - 08:56:59 ---A- . (.Sound Research, Corp. - SEAPO.DLL.) -- C:\Windows\System32\SEAPO64.dll [435344]
O44 - LFC:[MD5.EABBBC2C130403FD3F8509E91CECC9FF] - 22/05/2015 - 08:56:59 ---A- . (.Sound Research, Corp. - SECOMN.DLL.) -- C:\Windows\System32\SECOMN64.dll [654480]
O44 - LFC:[MD5.5D7209D7BD135CA5E335A156A97C03BE] - 22/05/2015 - 08:56:59 ---A- . (.Sound Research, Corp. - SEHDRA.DLL.) -- C:\Windows\System32\SEHDRA64.dll [837776]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 22/05/2015 - 15:20:27 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.2100B28C34C4FCE916A4A61F58E31198] - 23/05/2015 - 15:16:53 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [9701]
~ Files: 342 Legitimates Filtered in 00mn 05s



---\\ Recently created files in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.095EC1B9E18583531363280F0FA127A8] - 21/05/2015 - 09:10:20 ---A- - C:\Windows\Prefetch\IMF_FREESOFTWAREDOWNLOADER.EX-939F5599.pf =>PUP.SoftwareEngine
O45 - LFCP:[MD5.E2491F0E58F50C5409843AB510249B19] - 21/05/2015 - 14:54:24 ---A- - C:\Windows\Prefetch\PASSWORDBOX_SETUP_SOFTONIC_CP-3A016B71.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.CA4F90D84F026D95FD64297E054B160D] - 25/05/2015 - 18:41:20 ---A- - C:\Windows\Prefetch\SEARCHSETTINGS.EXE-EA872291.pf =>Adware.SearchSettings
O45 - LFCP:[MD5.B6E3188037A419D339367CDE3B948DFB] - 25/05/2015 - 18:41:21 ---A- - C:\Windows\Prefetch\SEARCHSETTINGS64.EXE-5CC15363.pf =>Adware.SearchSettings
O45 - LFCP:[MD5.9D82049E5A7852866E595ABD564BB425] - 25/05/2015 - 21:16:25 ---A- - C:\Windows\Prefetch\SUC12_DISKCLEANER.EXE-AB032239.pf =>Rogue.DiskCleaner
~ Prefetcher: 5 Legitimates Filtered in 00mn 00s



---\\ Denial of service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:12/08/2013 - 23:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:25/05/2013 - 15:00:14 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [168288]
O58 - SDL:15/06/2011 - 08:30:46 ---A- . (.PowerISO Computing, Inc. - PowerISO Virtual Drive.) -- C:\Windows\System32\Drivers\scdemu.sys [93240]
O58 - SDL:25/04/2007 - 11:34:12 ---A- . (.SMSC - SMSC Fast Infrared Driver.) -- C:\Windows\System32\Drivers\smscir64.sys [37760]
O58 - SDL:22/08/2013 - 12:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:22/08/2013 - 12:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:21/05/2015 - 08:22:58 ---A- . (.REALiX(tm) - HWiNFO AMD64 Kernel Driver.) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528]
~ Drivers: 53 Legitimates Filtered in 00mn 01s



---\\ Recently modified or created files (User) (O61)
O61 - LFC: 21/05/2015 - 11:08:28 ---A- . (...) -- C:\Users\SALS\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [405180]
O61 - LFC: 21/05/2015 - 11:08:28 ---A- . (...) -- C:\Users\SALS\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin [269992]
O61 - LFC: 21/05/2015 - 11:08:28 ---A- . (.Opera Software.) -- C:\Users\SALS\AppData\Local\Microsoft\Windows\INetCache\IE\ADZ840DO\Opera_29.0.1795.60_Setup[1].exe [1313792]
O61 - LFC: 21/05/2015 - 11:08:28 ---A- . (.PasswordBox, Inc..) -- C:\Users\SALS\AppData\Local\Microsoft\Windows\INetCache\IE\KJJCF1UZ\passwordbox[1].exe [5452096]
O61 - LFC: 21/05/2015 - 11:08:59 ---A- . (...) -- C:\Users\SALS\AppData\Roaming\cacaoweb\cacaoweb.exe [504112] =>PUP.CacaoWeb
O61 - LFC: 21/05/2015 - 11:09:00 ---A- . (.OpenCandy.) -- C:\Users\SALS\AppData\Roaming\OpenCandy\976EE7C2E9F44367853838501E0F0A7F\dh119c.exe [197368] =>Adware.OpenCandy
O61 - LFC: 21/05/2015 - 11:09:00 ---A- . (.Opera Software.) -- C:\Users\SALS\AppData\Roaming\OpenCandy\976EE7C2E9F44367853838501E0F0A7F\Opera_NI_stable.exe [683568] =>Adware.OpenCandy
O61 - LFC: 21/05/2015 - 11:09:01 ---A- . (.OpenCandy.) -- C:\Users\SALS\AppData\Roaming\OpenCandy\AA89521791754805AF2D0640F561A45C\dh.exe [198640] =>Adware.OpenCandy
O61 - LFC: 21/05/2015 - 11:09:02 ---A- . (...) -- C:\Users\SALS\AppData\Roaming\OpenCandy\F9BD35213AE245D59957B89311799893\WebCompanionInstaller.exe [0] =>Adware.OpenCandy
O61 - LFC: 21/05/2015 - 11:09:02 ---A- . (.OpenCandy.) -- C:\Users\SALS\AppData\Roaming\OpenCandy\F9BD35213AE245D59957B89311799893\dh119c.exe [197368] =>Adware.OpenCandy
O61 - LFC: 23/05/2015 - 11:08:57 ---A- . (.Torch Media, Inc.) -- C:\Users\SALS\AppData\Local\Torch\Update\Download\TorchSetup.exe [86042576]
O61 - LFC: 24/05/2015 - 11:08:26 ---A- . (...) -- C:\Users\SALS\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 24/05/2015 - 11:08:58 ---A- . (.Tonec Inc..) -- C:\Users\SALS\AppData\Local\Torch\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.14_1\IDMGCExt.dll [98712]
O61 - LFC: 25/05/2015 - 11:09:00 RSHA- . (.Citigroup.) -- C:\Users\SALS\AppData\Roaming\obkmzlyzbc.exe [69128192]
O61 - LFC: 26/05/2015 - 11:09:03 ---A- . (...) -- C:\Users\SALS\Desktop\cacaoweb.exe [504112] =>PUP.CacaoWeb
~ 1020 Temporary files
~ Files: 105 Legitimates Filtered in 00mn 38s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {571B872F-8457-4390-A494-2B02E211BBE9} [DefaultScope] - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com =>Toolbar.AVGSearch
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.F7DB247221539D625E55F7B97B5DDDEE] [SPRF][25/05/2015] (.Citigroup - Iron Noon.) -- C:\Users\SALS\AppData\Roaming\obkmzlyzbc.exe [69128192]
[MD5.39DCA7506C56288DFA6CC243A0802A2D] [SPRF][26/05/2015] (...) -- C:\Users\SALS\Desktop\cacaoweb.exe [504112] =>PUP.CacaoWeb
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Software product code enumeration (PUC) (O90)
O90 - PUC: "01065C783C89E9C45B0D3C7D9CBB8591" . (.IObit Apps Toolbar v11.3.) -- C:\Windows\Installer\{87C56010-98C3-4C9E-B5D0-C3D7C9BB5819}\ARPPRODUCTICON.exe =>PUP.Dealio
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ WindowsInstaller package search (WIS) (O93) (NTFS)
[MD5.174DD72CE2B0AA5117E22EE93279C6E8] [WIS][21/05/2015] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\1210c8.msi [3704320] =>PUP.Dealio
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ CLSID registry key search (O101)
[HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] (IObit Apps Toolbar) =>PUP.Dealio
~ BCK: 5736 Legitimates Filtered in 00mn 13s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 21/05/2015 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/05/2015 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2015 625640 | (Lenovo EasyPlus Hotspot) . (.Lenovo.) - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
SS - | Auto 11/12/2014 315496 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/03/2015 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 22/11/2014 911648 | (AdvancedSystemCareService8) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCService.exe
SR - | Auto 19/03/2015 812584 | (Application Updater) . (.Spigot, Inc..) - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe =>PUP.Dealio
SR - | Auto 16/03/2015 659232 | (ASCAntivirusSrv) . (.IOBit.) - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ascavsvc.exe
SR - | Auto 18/05/2015 1522664 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
SR - | Auto 18/05/2015 3438544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
SR - | Auto 18/05/2015 311792 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
SR - | Auto 02/04/2015 878912 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 26/03/2015 2585376 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 18/07/2013 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 04/05/2015 180744 | (PasswordBox) . (.PasswordBox, Inc..) - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
SR - | Auto 13/03/2015 1055008 | (StartMenuService) . (.IObit.) - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
SR - | Auto 02/06/2014 1216520 | (TorchCrashHandler) . (.TorchMedia Inc..) - C:\Users\SALS\AppData\Local\Torch\Update\TorchCrashHandler.exe
SR - | Auto 21/05/2015 1875480 | (vToolbarUpdater18.4.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 21/05/2015 620056 | (WtuSystemSupport) . (...) - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
~ Services: Scanned in 00mn 14s



---\\ Search for Master Boot Record infection (MBR)(O80)
Run by SALS at 26/05/2015 11:10:54
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search for Master Boot Record infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by SALS at 26/05/2015 11:10:56
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13026 - (27/12/2014)
Keys found : 20
Values found : 4
Folders found : 10
Files found : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] =>PUP.Dealio^
[HKLM\SYSTEM\CurrentControlSet\Services\Application Updater] =>PUP.Dealio^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.4.0] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1] =>PUP.KMSpico^
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Application Updater] =>PUP.Dealio
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\Search Settings] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\Search Settings] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Search Settings] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Wow6432Node\IObit Apps] =>PUP.Dealio
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{03EB0E9C-7A91-4381-A220-9B52B641CDB1} =>PUP.Dealio^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SearchSettings =>PUP.Dealio^
C:\Program Files (x86)\Common Files\Spigot =>PUP.Dealio^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>PUP.KMSpico^
C:\Users\SALS\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\SALS\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Program Files (x86)\Application Updater =>PUP.Dealio
C:\Program Files (x86)\IObit Apps Toolbar =>PUP.Dealio
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\SALS\AppData\LocalLow\Search Settings =>PUP.Dealio
C:\Users\SALS\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe =>PUP.Dealio^
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe =>Toolbar.AVGSearch^
C:\Users\SALS\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Windows\Installer\1210c8.msi =>PUP.Dealio^
[HKCR\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] (IObit Apps Toolbar) =>PUP.Dealio^
~ Additional Scan: 232057 Items scanned in 00mn 35s



---\\ Additional information on the modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/pup-dealio =>PUP.Dealio
http://nicolascoolman.fr/pup-kmspico =>PUP.KMSpico
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/blog/ =>Rogue.DiskCleaner
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
~ MSI: 9 link(s) detected in 00mn 00s



~ 1106 Legitimates filtered by white list
End of the scan (556 lines in 04mn 12s)(0)
