~ ZHPDiag report v2015.5.25.52 - Nicolas Coolman (25-05-15)
~ Run by illyas (29-05-15 18:02:15)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Forum address: http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: up to date.
~ Whitelist: enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): activated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17801 (Default)
GCIE: Google Chrome v43.0.2357.81

---\\ Windows product information
~ Language: French
Windows Server License Manager Script : OK
~ Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : 6XWKK
~ Windows Remaining Initializations Number : 999
Software Protection Service: OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ System protection software
Windows Defender W8 (Deactivated)

---\\ System optimisation software

---\\ Peer-to-peer sharing software

---\\ Software monitoring

---\\ System information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3978 MB (42% free)
System Restore: Enabled
System drive C: has 356 GB (79%) free of 448 GB

---\\ System logon mode
~ Computer Name: SISTERSLOFT
~ User Name: illyas
~ All Users Names: illyas, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\samira\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\samira\AppData\Roaming\
~ %Desktop% : C:\Users\samira\Desktop\
~ %Favorites% : C:\Users\samira\Favorites\
~ %LocalAppData% : C:\Users\samira\AppData\Local\
~ %StartMenu% : C:\Users\samira\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 356 GB of 448 GB)
D: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Windows Explorer.) (.28-01-15 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Windows Start-Up Application.) (.29-10-14 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.F0289B3A341429117696F0279DA977B6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21-04-15 - 16:27:25.) -- C:\Windows\System32\wininet.dll [2352128]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Windows Logon Application.) (.29-10-14 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Licensing library.) (.21-12-13 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30-05-14 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22-08-13 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22-08-13 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22-08-13 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06-03-14 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24-07-14 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - i8042 Port Driver.) (.07-10-14 - 04:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27-11-13 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08-10-14 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22-08-13 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - NT File System Driver.) (.15-10-14 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel port driver.) (.22-08-13 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22-08-13 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.22-08-13 - 20:11:06.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22-08-13 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Volume Shadow Copy driver.) (.19-06-14 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 2/61
~ My Music: 1/59
~ My Videos: 1/6
~ My Favorites: 1/180
~ My Documents: 1/228
~ My Desktop: 2/18031
~ Start Menu (Programs): 1/144
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.0BB8A77B544C70FE6599300D275B9D96] - (...) -- C:\Users\samira\AppData\Roaming\cacaoweb\cacaoweb.exe [515888] [PID.5212] =>PUP.CacaoWeb
[MD5.CA595FA53E6C797EC1AB43AFB4B4F183] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816] [PID.5236]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.5368]
[MD5.82F68EBA0FCEA46BA8919D6A264A833E] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1065024] [PID.5708]
[MD5.5F1B1148C830C0F149A476A58CE0D09D] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [815248] [PID.5888]
[MD5.096407F0CB75519F4DBFBA5BB413187B] - (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816] [PID.1908]
[MD5.F6B0935B23E3C5B54DF33D3C180CA063] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8211968] [PID.1988]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins, Start page, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\prefs.js
M3 - MFPP: Plugins - [illyas] -- C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\searchplugins\bing-avast.xml
M3 - MFPP: Plugins - [illyas] -- C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [illyas] -- C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\searchplugins\default-search.xml =>Hijacker.Browsers
M3 - MFPP: Plugins - [illyas] -- C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\searchplugins\trovi.xml
M0 - MFSP: prefs.js [illyas - 3h2u6cqd.default] http://www.delta-homes.com =>Hijacker.DeltaHomes
M2 - MFEP: prefs.js [illyas - 3h2u6cqd.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.34 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [illyas - 3h2u6cqd.default\quick_searchff@gmail.com] [] QuickSearch v1.0.34 (..) =>PUP.QuickSearch
M2 - MFEP: prefs.js [illyas - 3h2u6cqd.default\TUIlTi@m.net] [] bUyfasT v1.2 (..)
M2 - MFEP: Extension [illyas - 3h2u6cqd.default] cacaoweb@cacaoweb.org =>PUP.CacaoWeb
M2 - MFEP: Extension [illyas - 3h2u6cqd.default] quick_searchff@gmail.com =>PUP.QuickSearch
M2 - MFEP: Extension [illyas - 3h2u6cqd.default] TUIlTi@m.net
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml =>Hijacker.Browsers
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml =>Hijacker.DeltaHomes
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml =>PUP.Istart
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Start page, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Hijacker.DeltaHomes
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects (O2)
O2 - BHO: LuckyTab Class [64Bits] - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.LuckyTab
O2 - BHO: offeurdeal [64Bits] - {F6B9E1A4-49EC-4134-B86E-089C02D5B6CA} Orphan key =>PUP.OfferDeal
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Global Startup: 4 Legitimates Filtered in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\samira\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\samira\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-3694105734-3757946631-3295022164-1001\..\Run: [cacaoweb] . (...) -- C:\Users\samira\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-3694105734-3757946631-3295022164-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\samira\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3694105734-3757946631-3295022164-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3694105734-3757946631-3295022164-1001\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILEE.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D875F3B-96D1-40A7-85DB-8F086372D1C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{73591BC8-72D0-4714-B6C7-A6FA154A44CF}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D875F3B-96D1-40A7-85DB-8F086372D1C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{73591BC8-72D0-4714-B6C7-A6FA154A44CF}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft NT services that are not disabled (O23)
O23 - Service: LighterInit (00977a63) . (...) - c:\Program Files (x86)\LighterInit\LighterInit.dll =>PUP.LighterInit
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe
O23 - Service: GamesAppIntegrationService (GamesAppIntegrationService) . (.TODO: - TODO: .) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.Windows SysTool - Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
~ Services: 24 Legitimates Filtered in 00mn 06s



---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [{8A8DC461-97EA-4EE8-AAB9-58AF10A974D0}] (...) -- C:\Program Files (x86)\Advanced System Protector\unins000.exe (.not file.) [0] =>PUP.AdvancedSystemProtector
[MD5.00000000000000000000000000000000] [APT] [{A3A66DF0-1C02-4B0C-B2CD-EB731320ADBE}] (...) -- C:\Users\illyas\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.Istart
[MD5.00000000000000000000000000000000] [APT] [{C81601E8-2E67-49EA-AEED-EF0550CD07E3}] (...) -- C:\ProgramData\MovieWizard\uninstall.exe (.not file.) [0] =>PUP.MovieWizard
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {062DAD03-AAA2-421A-9218-22E1C219E1A6}.job [757]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-412 413 415 Series Invitation {062DAD03-AAA2-421A-9218-22E1C219E1A6} [757]
O39 - APT: - (..) -- C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {062DAD03-AAA2-421A-9218-22E1C219E1A6}.job [943]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\EPSON XP-412 413 415 Series Update {062DAD03-AAA2-421A-9218-22E1C219E1A6} [943]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3694105734-3757946631-3295022164-1001Core [934]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3694105734-3757946631-3295022164-1001UA [956]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1096]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1100]
~ Scheduled Task: 180 Legitimates Filtered in 00mn 05s



---\\ Drivers launched at system startup (O41)
O41 - Driver: (innfd_1_10_0_14) . (. - .) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (.not file.)
O41 - Driver: ({2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 50 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Software: LighterInit - (.Software Publisher.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{977a63} =>PUP.LighterInit
~ Logic: 5 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\OB]
[HKCU\Software\Reg]
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Linkey] =>PUP.LinkeySearch
[HKLM\Software\Wow6432Node\236bea65-b4b6-60c6-efd1-23fb2320d1cf] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SmdmF] =>PUP.SystemK
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 170 Legitimates Filtered in 00mn 00s



---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 12-05-15 - 19:41:37 - [] ----D C:\Program Files (x86)\AdviceAnimals Meme Strip
O43 - CFD: 27-04-15 - 14:15:32 - [] ----D C:\Program Files (x86)\Assets Manager =>PUP.SystemK
O43 - CFD: 29-05-15 - 15:26:25 - [] ----D C:\Program Files (x86)\bUyfasT
O43 - CFD: 29-05-15 - 16:41:37 - [] ----D C:\Program Files (x86)\daiLyprizze
O43 - CFD: 29-05-15 - 15:06:37 - [] ----D C:\Program Files (x86)\freee22you
O43 - CFD: 29-05-15 - 15:26:03 - [] ----D C:\Program Files (x86)\Goodness
O43 - CFD: 11-05-15 - 15:25:58 - [] ----D C:\Program Files (x86)\LighterInit =>PUP.LighterInit
O43 - CFD: 12-05-15 - 19:40:51 - [] ----D C:\Program Files (x86)\loworatE
O43 - CFD: 29-05-15 - 16:41:37 - [] ----D C:\Program Files (x86)\offeurdeal =>PUP.OfferDeal
O43 - CFD: 29-05-15 - 15:06:37 - [] ----D C:\Program Files (x86)\offiErsoftt =>OfferSoft
O43 - CFD: 29-05-15 - 16:41:37 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 29-05-15 - 16:41:34 - [] ----D C:\ProgramData\15617885885272633135
O43 - CFD: 11-05-15 - 15:26:08 - [0] ----D C:\ProgramData\b31f07d9000026c8
O43 - CFD: 06-07-14 - 14:05:16 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19-04-15 - 01:26:14 - [] ----D C:\ProgramData\Browser
O43 - CFD: 29-05-15 - 16:41:29 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 08-02-14 - 23:22:45 - [] ----D C:\ProgramData\OEM_YAHOO
O43 - CFD: 29-05-15 - 16:44:53 - [] ----D C:\ProgramData\smdmf =>PUP.SystemK
O43 - CFD: 17-04-15 - 23:49:06 - [] ----D C:\ProgramData\T122078ED
O43 - CFD: 29-05-15 - 15:09:45 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 18-04-15 - 00:07:11 - [0] ----D C:\ProgramData\{85169c70-60c7-886e-8516-69c7060c71c1}
O43 - CFD: 17-06-14 - 10:59:36 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 29-05-15 - 16:41:29 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 22-08-13 - 21:11:12 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 29-05-15 - 16:23:37 - [] ----D C:\Users\samira\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 08-02-14 - 23:32:31 - [] ----D C:\Users\samira\AppData\Local\Doc
O43 - CFD: 13-11-14 - 23:13:20 - [] -SH-D C:\Users\samira\AppData\Local\EmieBrowserModeList
O43 - CFD: 27-05-15 - 15:55:33 - [] ----D C:\Users\samira\AppData\Local\FF8A93F3-8D4E-4FAE-9049-A7C7EE93699F.aplzod
~ Program Folder: 195 Legitimates Filtered in 00mn 00s



---\\ Latest files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.5B6A502943AEA31C569B8E976A4399F4] - 29-05-15 - 16:08:06 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-A2A9905A.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.D59CE7AB74903846D1FF7A9D3C66F676] - 01-05-15 - 07:54:48 ---A- - C:\Windows\Prefetch\INFONAUT_SOFT_PARTNER.TMP-EF4822A1.pf =>PUP.Infonaut
O45 - LFCP:[MD5.CB4A0B7D525C9E2C28C23C6CBCED6EEF] - 18-04-15 - 00:00:28 ---A- - C:\Windows\Prefetch\PACKAGE_BROWSERGOOD_INSTALLER-77917B08.pf =>PUP.BrowserGood
O45 - LFCP:[MD5.7AD981491CBDC4A539C0B06387EC720B] - 22-04-15 - 10:04:41 ---A- - C:\Windows\Prefetch\PACKAGE_BROWSERGOOD_INSTALLER-7AB4DDCE.pf =>PUP.BrowserGood
O45 - LFCP:[MD5.E8A43D9FB5414943569AF456AF97F049] - 01-05-15 - 07:54:47 ---A- - C:\Windows\Prefetch\PACKAGE_INFONAUT_INSTALLER_MU-EAB9F466.pf =>PUP.Infonaut
O45 - LFCP:[MD5.121E4F0222374E1BCCB6052C2A0A68DB] - 02-05-15 - 19:19:16 ---A- - C:\Windows\Prefetch\PERFORMANCEOPTIMIZER.EXE-0D5E8F18.pf =>PUP.PerformanceOptimizer
O45 - LFCP:[MD5.19CE0C6F173298F2F446D199D4E79836] - 29-05-15 - 14:22:38 ---A- - C:\Windows\Prefetch\WINZIPERSVC.EXE-7CACFFF7.pf =>Adware.D365
~ Prefetcher: 7 Legitimates Filtered in 00mn 00s



---\\ Denial of service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 30 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:14-07-14 - 01:53:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:14-07-14 - 01:53:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:14-07-14 - 01:53:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:13-08-13 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:06-09-13 - 06:00:02 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [370504]
O58 - SDL:22-08-13 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:15-08-14 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:04-07-14 - 04:35:40 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 75 Legitimates Filtered in 00mn 02s



---\\ Latest modified or created files (User) (O61)
O61 - LFC: 29-05-15 - 18:02:48 ---A- . (...) -- C:\Users\samira\Desktop\cacaoweb.exe [515888] =>PUP.CacaoWeb
~ 14093 Temporary files
~ 8 Cookie files
~ Files: 18 Legitimates Filtered in 00mn 02s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com =>Hijacker.DeltaHomes
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
~ Keys: Scanned in 00mn 00s



---\\ Search for browser infections (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Trovi) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (delta-homes) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} - (default-search.net) - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {BB0FD4E0-7464-48A8-84C3-B2AD22A927B3} - () - http://do-search.com =>PUP.DoSearches
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://do-search.com =>PUP.DoSearches
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.0BB8A77B544C70FE6599300D275B9D96] [SPRF][29-05-15] (...) -- C:\Users\samira\Desktop\cacaoweb.exe [515888] =>PUP.CacaoWeb
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Export of random registry keys (O91)
[HKLM\Software\Wow6432Node\236bea65-b4b6-60c6-efd1-23fb2320d1cf\176462680558185\eae10f9d]:060df2cd="blAu/YP/c/Am/XJ/blAg/B2/axAu/YP////%"
[HKLM\Software\Wow6432Node\236bea65-b4b6-60c6-efd1-23fb2320d1cf\176462680558185\eae10f9d]:0c230bcb="///%"
[HKLM\Software\Wow6432Node\236bea65-b4b6-60c6-efd1-23fb2320d1cf\176462680558185\eae10f9d]:0dc3ee96="/P////%%"
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASAPI32 =>PUP.MixVideoPlayer
HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASMANCS =>PUP.MixVideoPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASAPI32 =>PUP.PerformanceOptimizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASMANCS =>PUP.PerformanceOptimizer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASAPI32 =>PUP.AdvanceElite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAdvanceElite_RASMANCS =>PUP.AdvanceElite
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatefocusbase_RASAPI32 =>PUP.Focusbase
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatefocusbase_RASMANCS =>PUP.Focusbase
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilfocusbase_RASAPI32 =>PUP.Focusbase
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilfocusbase_RASMANCS =>PUP.Focusbase
~ BTK: 92 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12-09-13 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12-10-10 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 14-07-14 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14-07-14 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14-07-14 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 24-04-12 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 12-05-13 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 06-04-15 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28-06-14 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 14-07-12 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 03-04-14 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 29-10-14 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11-05-15 2369024 | (00977a63) . (...) - c:\Program Files (x86)\LighterInit\LighterInit.dll =>PUP.LighterInit
SR - | Auto 19-01-15 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07-09-13 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
SR - | Auto 14-07-14 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14-07-14 106488 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 30-08-11 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06-12-13 2797312 | (CCDMonitorService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
SR - | Demand 06-07-13 663592 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SR - | Auto 17-05-12 144560 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SR - | Auto 06-09-13 101192 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe
SR - | System 15-04-15 46752 | (F06DEFF2-5B9C-490D-910F-35D3A9119622) . (.Aztec Media Inc.) - C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg =>PUP.SystemK
SR - | Auto 16-07-13 235008 | (GamesAppIntegrationService) . (.TODO: .) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR - | Auto 29-05-15 157824 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 12-05-13 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 04-09-13 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 04-09-13 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 03-08-13 457768 | (LMSvc) . (.Acer Incorporate.) - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
SR - | Auto 27-01-14 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 27-01-14 185792 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Demand 03-08-13 457768 | (QASvc) . (.Acer Incorporate.) - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
SR - | Demand 03-08-13 448040 | (RMSvc) . (.Acer Incorporate.) - C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
SR - | Auto 15-04-15 3203840 | (SmdmFService) . (.Aztec Media Inc.) - C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe =>PUP.SystemK
SR - | Auto 18-12-13 2103096 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
SR - | Auto 29-10-14 38792 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Demand 22-07-58 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 22-07-58 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 29-05-15 487424 | (WindowsMangerProtect) . (.Windows SysTool.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 22-07-58 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by illyas at 29-05-15 18:03:18
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by illyas at 29-05-15 18:03:20
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (25-05-15)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 15

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] =>PUP.LuckyTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6B9E1A4-49EC-4134-B86E-089C02D5B6CA}] =>PUP.OfferDeal^
[HKLM\SYSTEM\CurrentControlSet\Services\00977a63] =>PUP.LighterInit^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{977a63}] =>PUP.LighterInit^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}] =>Adware.Bandoo^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\extensions\quick_searchff@gmail.com =>PUP.QuickSearch^
C:\Program Files (x86)\Assets Manager =>PUP.SystemK^
C:\Program Files (x86)\LighterInit =>PUP.LighterInit^
C:\Program Files (x86)\offeurdeal =>PUP.OfferDeal^
C:\ProgramData\smdmf =>PUP.SystemK^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\samira\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\samira\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\Extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Users\samira\AppData\Roaming\Mozilla\Firefox\Profiles\3h2u6cqd.default\Extensions\quick_searchff@gmail.com =>PUP.QuickSearch^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^
[HKLM\Software\Linkey] =>PUP.LinkeySearch^
[HKLM\Software\Wow6432Node\236bea65-b4b6-60c6-efd1-23fb2320d1cf] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14] =>PUP.Infonaut^
[HKLM\Software\Wow6432Node\SmdmF] =>PUP.SystemK^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
C:\Users\samira\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Users\samira\Downloads\cacaoweb.exe =>PUP.CacaoWeb
C:\Users\samira\AppData\Local\Temp\SearchProtectINT.exe =>Toolbar.Conduit
~ Additionnel Scan: 337943 Items scanned in 00mn 42s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://www.nicolascoolman.fr/blog/ =>PUP.QuickSearch
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://www.nicolascoolman.fr/blog/ =>PUP.LuckyTab
http://www.nicolascoolman.fr/blog/ =>PUP.OfferDeal
http://www.nicolascoolman.fr/blog/ =>PUP.LighterInit
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/pup-advancedsystemprotector =>PUP.AdvancedSystemProtector
http://www.nicolascoolman.fr/blog/ =>PUP.MovieWizard
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/blog/ =>PUP.Infonaut
http://nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>OfferSoft
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserGood
http://www.nicolascoolman.fr/blog/ =>PUP.PerformanceOptimizer
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://nicolascoolman.fr/pup-dosearches =>PUP.DoSearches
http://www.nicolascoolman.fr/blog/ =>PUP.MixVideoPlayer
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://nicolascoolman.fr/pup-advanceelite =>PUP.AdvanceElite
http://nicolascoolman.fr/pup-focusbase =>PUP.Focusbase
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
~ MSI: 40 link(s) detected in 00mn 00s



~ 894 Legitimates filtered by white list
End of the scan (670 lines in 01mn 50s)(0.10)