~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par win (19/05/2015 21:05:26)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
GCIE: Google Chrome v42.0.2311.135
OPIE: Opera vStable 29.0.1795.47 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : MQYX4
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Internet Security 2013 v13.0.0.3370
Kaspersky Anti-Virus 2011 v11.0.1.400
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI
Java 7 Update 9

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1782 MB (33% free)
System Restore: Activé (Enable)
System drive C: has 80 GB (54%) free of 147 GB

---\\ Mode de connexion au système
~ Computer Name: WIN-PC
~ User Name: win
~ All Users Names: win, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\win\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\win\AppData\Roaming\
~ %Desktop% : C:\Users\win\Desktop\
~ %Favorites% : C:\Users\win\Favorites\
~ %LocalAppData% : C:\Users\win\AppData\Local\
~ %StartMenu% : C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 80 Go of 147 Go)
D: Hard drive, Flash drive, Thumb drive (Free 52 Go of 151 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C46904F2E9E121A91DDDABB48D7648C3] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:20:28.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 02:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 1/1365
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/269
~ Mon Bureau (My Desktop) : 2/13
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 18s



---\\ Processus lancés
[MD5.A73731A0B0A165907799E9AFB461F856] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096] [PID.3332]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.1808]
[MD5.D88B2D487439305A2EC308A6796C3044] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3764]
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3888]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.2572]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.3028]
[MD5.F85A8FB3CF7F3EFE72AC81106BE675A9] - (.Popajar, inc - UpdateCheckerApp.) -- C:\Users\win\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe [7168] [PID.2884] =>Adware.SmileyBar
[MD5.80158C097A3F87D4841B65A439619B62] - (.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104] [PID.3424] =>P2P.BitTorrent
[MD5.CFF96E0CE6F81F5968A6D61786642855] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [131584] [PID.5264]
[MD5.6FDDD18A650764A59302A018765E5521] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880] [PID.2100]
[MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Users\win\AppData\Local\Google\Chrome\Application\chrome.exe [812872] [PID.1920]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8145408] [PID.5608]
[MD5.A77ABB05ADD34E1AF4543FA7AFAC52B8] - (...) -- C:\Program Files\Ask.com\UpdateTask.exe [137864] [PID.0]
[MD5.54B8419DD679FDC3E85BCD0277AC58D6] - (...) -- C:\Program Files\Ask.com\SaUpdate.exe [198792] [PID.4364]
[MD5.C98A2183D9FBD7A1D0AEDEFBF0822DC6] - (.Ask - Wrapper Application.) -- C:\Users\win\AppData\Local\Temp\setup.exe [4001416] [PID.5596]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\prefs.js
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\user.js
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\alnaddyToolbar.xml =>Hijacker.Alnaddy
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\searchgol.xml =>Hijacker.SearchGol
M2 - MFEP: prefs.js [win - tcx141si.default\ffxtlbr@alnaddyToolbar.com] [] alnaddyToolbar.com v1.5.0 (..) =>Hijacker.Alnaddy
M2 - MFEP: prefs.js [win - tcx141si.default\ffxtlbr@searchgol.com] [] SearchGol v1.6.0 (..) =>Hijacker.SearchGol
M2 - MFEP: prefs.js [win - tcx141si.default\toolbar@ask.com] [] Ask Toolbar v1.6.0 (..) =>Toolbar.Ask
M2 - MFEP: prefs.js [win - tcx141si.default\{E71B541F-5E72-5555-A47C-E47863195841}] [] SimilarSites v1.6.0 (..)
~ Firefox Browser: 39 Legitimates Filtered in 00mn 04s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (...) (No version) -- (.not file.) =>P2P.BitTorrent
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
O1 - Hosts: 74.208.10.249 gs.apple.com
~ Nombre lignes détournées 1/23 (Hosts file redirected)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: BittorrentBar_FR - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\BittorrentBar_FR\prxtbBitt.dll =>Toolbar.Conduit
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: BittorrentBar_FR Toolbar - [HKLM]{ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\BittorrentBar_FR\prxtbBitt.dll =>Toolbar.Conduit
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: SimilarSites - [HKLM]{FE69C007-C452-4d3e-86D2-1730DF8BC871} . (.SimilarSites - SimilarSites Toolbar.) -- C:\Program Files\SimilarSites\similarsites.dll
O3 - Toolbar\WebBrowser: BittorrentBar_FR Toolbar - [HKCU]{EF79F67A-6AD7-4715-A0F8-932FCA442023} . (.ClientConnect Ltd. - Toolbar.) -- C:\Users\win\AppData\LocalLow\BittorrentBar_FR\prxtbBit0.dll =>P2P.BitTorrent
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D4027C7F-154A-4066-A1AD-4243D8127440} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [win]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [win]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] . (.Hewlett-Packard Company - HP UT LEDM Driver.) -- C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [GarenaPlus] . (.Pas de propriétaire - Garena Plus.) -- C:\Program Files\Garena Plus\GarenaMessenger.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Users\win\AppData\Local\TBHostSupport\TBHostSupport_0.dll =>Toolbar.Conduit
O4 - HKCU\..\Run: [APISupport] . (.ClientConnect Ltd. - Pas de description.) -- C:\Users\win\AppData\Local\TB\APISupport\APISupport.dll
O4 - HKCU\..\Run: [UpdateChecker] . (.Popajar, inc - UpdateCheckerApp.) -- C:\Users\win\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe =>Adware.SmileyBar
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [BackgroundContainerV2] . (.ClientConnect Ltd. - Background Container.) -- C:\Users\win\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [GarenaPlus] . (.Pas de propriétaire - Garena Plus.) -- C:\Program Files\Garena Plus\GarenaMessenger.exe
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\win\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [TBHostSupport] . (.Conduit Ltd. - TBHostSupport.) -- C:\Users\win\AppData\Local\TBHostSupport\TBHostSupport_0.dll =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [APISupport] . (.ClientConnect Ltd. - Pas de description.) -- C:\Users\win\AppData\Local\TB\APISupport\APISupport.dll
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [UpdateChecker] . (.Popajar, inc - UpdateCheckerApp.) -- C:\Users\win\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe =>Adware.SmileyBar
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\Run: [BackgroundContainerV2] . (.ClientConnect Ltd. - Background Container.) -- C:\Users\win\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll =>PUP.Babylon
O4 - HKUS\S-1-5-21-2006587106-736592022-3620010220-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} -- Clé orpheline
O9 - Extra button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} . (...) -- C:\Program Files\SimilarSites\hotbtn.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{24CC4F74-B9F6-4A1A-8EB3-75B577CA1363}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E0EFF71-20B5-4448-892F-54332576235B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{34510999-29E6-473F-BB3A-22F2941432AD}: DhcpNameServer = 67.150.159.81 67.150.159.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBEFC4C-B8D7-4FEF-B56A-08615F29F7EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1648FCF-14F4-457B-86BE-2AAD5468BFA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{24CC4F74-B9F6-4A1A-8EB3-75B577CA1363}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E0EFF71-20B5-4448-892F-54332576235B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{34510999-29E6-473F-BB3A-22F2941432AD}: DhcpNameServer = 67.150.159.81 67.150.159.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CBEFC4C-B8D7-4FEF-B56A-08615F29F7EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B1648FCF-14F4-457B-86BE-2AAD5468BFA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{24CC4F74-B9F6-4A1A-8EB3-75B577CA1363}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E0EFF71-20B5-4448-892F-54332576235B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{34510999-29E6-473F-BB3A-22F2941432AD}: DhcpNameServer = 67.150.159.81 67.150.159.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CBEFC4C-B8D7-4FEF-B56A-08615F29F7EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B1648FCF-14F4-457B-86BE-2AAD5468BFA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
~ Services: 11 Legitimates Filtered in 00mn 09s



---\\ Tâches planifiées en automatique (O39)
[MD5.71D490C463014E4FB88B8CBA700B111E] [APT] [EPUpdater] (...) -- C:\Users\win\AppData\Roaming\BabSolution\Shared\BabMaint.exe [4608] =>Hijacker.BabSolution
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.7016A5D74459577060366F7D1E44F495] [APT] [green_game_notification_service] (.FileProperties_CompanyName.) -- C:\Program Files\green game\green_game_notification_service.exe [1417216]
[MD5.1904F248B992D83308DFDF54E40B7F23] [APT] [Opera scheduled Autoupdate 1414522807] (.Opera Software.) -- C:\Program Files\Opera\launcher.exe [888440]
[MD5.A77ABB05ADD34E1AF4543FA7AFAC52B8] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [137864] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{4A8216B0-B906-48E6-9B77-C68D1843A824}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.D3C14AB1D76CC88E131BA31667326A68] [APT] [{63C3B905-322A-4116-8BE7-63498C76D72A}] (...) -- C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe [397312]
[MD5.00000000000000000000000000000000] [APT] [{76C26994-33CB-4E28-843F-57339D4EBE7F}] (...) -- C:\Users\win\Downloads\Programs\Nero-12.0.02000_trial.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A607A8BD-2A92-4288-BF17-7F1A3D33E8D0}] (...) -- F:\redist\directx80a\DXSETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FA99190C-8631-49DB-8A58-1FE61A004359}] (...) -- C:\Users\win\Downloads\Programs\Nero-12.0.02000_trial.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-1.job [3078] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-11.job [4806] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-2.job [2076] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-4.job [4460] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-5.job [2412] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-5_user.job [2412] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-6.job [4124] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-7.job [3780] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2006587106-736592022-3620010220-1000Core [898]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2006587106-736592022-3620010220-1000UA [920]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [924] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [924] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [928] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [928] =>PUP.GlobalUpdate
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2006587106-736592022-3620010220-1000Core [1018]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2006587106-736592022-3620010220-1000UA [1070]
O39 - APT: green_game_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\Tasks\green_game_notification_service.job [1306]
O39 - APT: green_game_notification_service - (.FileProperties_CompanyName.) -- C:\Windows\System32\Tasks\green_game_notification_service [1306]
O39 - APT: - (..) -- C:\Windows\Tasks\green_game_updating_service.job [668]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SLOW-PCfighter [430]
~ Scheduled Task: 46 Legitimates Filtered in 00mn 10s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (ewbtmokk) . (. - .) - C:\Windows\system32\drivers\ewbtmokk.sys (.not file.)
O41 - Driver: (nrtwcovh) . (. - .) - C:\Windows\system32\drivers\nrtwcovh.sys (.not file.)
O41 - Driver: (sdwvjatu) . (. - .) - C:\Windows\system32\drivers\sdwvjatu.sys (.not file.)
O41 - Driver: (ungvowey) . (. - .) - C:\Windows\system32\drivers\ungvowey.sys (.not file.)
O41 - Driver: (ywwuyrsf) . (. - .) - C:\Windows\system32\drivers\ywwuyrsf.sys (.not file.)
~ Drivers: 80 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: SimilarSites - (.SimilarSites.) [HKLM] -- SimilarSites
O42 - Logiciel: UpdateChecker - (.Popajar, inc.) [HKCU] -- Popajar, inc UpdateChecker =>Adware.SmileyBar
O42 - Logiciel: pro-up 1.8 - (...) [HKLM] -- pro-up 1.8
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Alnaddy.com] =>Hijacker.Alnaddy
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Popajar] =>Toolbar.Conduit
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit
[HKCU\Software\searchgol] =>Hijacker.SearchGol
[HKLM\Software\2A]
[HKLM\Software\35fcc579-b431-4baf-ab6d-47b0ba44456e] =>PUP.CrossRider
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Radio Canyon-nv]
[HKLM\Software\Radio Canyon]
~ Key Software: 313 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/01/2014 - 18:17:58 - [] ----D C:\Program Files\Ask.com
O43 - CFD: 16/04/2013 - 16:29:29 - [] ----D C:\Program Files\Babylon =>PUP.Babylon
O43 - CFD: 23/08/2012 - 14:39:19 - [] ----D C:\Program Files\Conduit
O43 - CFD: 13/04/2015 - 15:43:59 - [] ----D C:\Program Files\green game
O43 - CFD: 19/05/2015 - 20:49:53 - [] ----D C:\Program Files\Radio Canyon
O43 - CFD: 24/12/2012 - 22:03:06 - [] ----D C:\Program Files\SimilarSites
O43 - CFD: 18/07/2013 - 18:51:02 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 10/08/2013 - 15:02:55 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2013 Patch
O43 - CFD: 14/07/2009 - 11:00:22 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 18/07/2013 - 18:52:55 - [] ----D C:\Users\win\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 18/07/2013 - 18:51:01 - [] ----D C:\Users\win\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 26/01/2014 - 01:23:35 - [] ----D C:\Users\win\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 28/10/2014 - 20:56:59 - [] ----D C:\Users\win\AppData\Roaming\RHEng
O43 - CFD: 16/04/2013 - 16:28:21 - [] ----D C:\Users\win\AppData\Roaming\searchgol =>Hijacker.SearchGol
O43 - CFD: 24/12/2012 - 21:59:14 - [] ----D C:\Users\win\AppData\Roaming\SimilarSites
O43 - CFD: 23/12/2012 - 13:52:15 - [] ----D C:\Users\win\AppData\Roaming\xim
O43 - CFD: 25/10/2012 - 19:23:31 - [] ----D C:\Users\win\AppData\Local\AskToolbar
O43 - CFD: 28/10/2014 - 21:09:36 - [] ----D C:\Users\win\AppData\Local\Conduit
O43 - CFD: 19/05/2015 - 20:40:50 - [] -SH-D C:\Users\win\AppData\Local\EmieBrowserModeList
O43 - CFD: 07/09/2014 - 22:22:48 - [] ----D C:\Users\win\AppData\Local\onlysearch
O43 - CFD: 26/01/2014 - 01:32:12 - [] ----D C:\Users\win\AppData\Local\Popajar =>Toolbar.Conduit
O43 - CFD: 08/04/2014 - 20:49:33 - [] ----D C:\Users\win\AppData\Local\TB
O43 - CFD: 21/12/2013 - 15:31:55 - [] ----D C:\Users\win\AppData\Local\TBHostSupport
O43 - CFD: 08/12/2013 - 19:40:32 - [] ----D C:\Users\win\AppData\Local\WhiteListing
O43 - CFD: 18/07/2013 - 18:53:29 - [] ----D C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel
~ Program Folder: 255 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.529C10DDC29629E12F3B322F970D5A65] - 19/05/2015 - 19:00:15 ---A- . (...) -- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 [4]
~ Files: 9 Legitimates Filtered in 00mn 50s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:19/01/2008 - 19:48:58 ---A- . (.-- - NDIS 6.0 driver.) -- C:\Windows\System32\Drivers\MOSUMAC.SYS [41472]
O58 - SDL:17/06/2013 - 19:09:23 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [22328]
O58 - SDL:30/08/2012 - 18:45:45 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [477240]
O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]
O58 - SDL:04/06/2013 - 08:15:00 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [181912]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:28/07/2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 83 Legitimates Filtered in 00mn 50s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\win\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\searchplugins\askcom.xml
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.FirstTime", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.FirstTimeFF3", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.LoginRevertSettingsEnabled", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.UserID", "UN96180258654778071");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.addressBarTakeOverEnabledInHidden", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.autoDisableScopes", -1);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.countryCode", "DZ");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.defaultSearch", "FALSE");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.enableAlerts", "always");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.enableFix404ByUser", "FALSE");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.enableSearchFromAddressBar", "FALSE");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.firstTimeDialogOpened", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.fixPageNotFoundError", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.fixPageNotFoundErrorByUser", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.fixPageNotFoundErrorInHidden", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.fixUrls", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.fullUserID", "UN96180258654778071.UP.20130709223458");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.homepageuserchanged", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.installId", "fftC9E6.tmp.exe");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.installType", "XPE");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isCheckedStartAsHidden", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isFirstTimeToolbarLoading", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isNewTabEnabled", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isPerformedSmartBarTransition", "true"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT2849852&octid=CT2[...]
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.lastVersion", "10.16.70.505");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.migrateAppsAndComponents", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"http%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT2849852%26oct[...]
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.openThankYouPage", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.openUninstallPage", "FALSE");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.searchInNewTabEnabledByUser", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.searchInNewTabEnabledInHidden", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.searchSuggestEnabledByUser", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2849852\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://Bittorre[...]
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BittorrentBar_F[...] =>P2P.BitTorrent
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_Configuration_lastUpdate", "1379180876369");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_location_lastUpdate", "1373386806137");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.10.20.14_lastUpdate", "1351413543680");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354372907856");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.13.40.15_lastUpdate", "1362941429118");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364331759514");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363208520521");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369337434599");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373401206811");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375133684586");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379180876645");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_searchAPI_lastUpdate", "1379180876574");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_serviceMap_lastUpdate", "1379180875956");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_toolbarSettings_lastUpdate", "1379180877830");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.serviceLayer_services_translation_lastUpdate", "1379180882109");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.settingsINI", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.shouldFirstTimeDialog", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.showToolbarPermission", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.smartbar.CTID", "CT2849852"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.smartbar.Uninstall", "0"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.smartbar.isHidden", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.smartbar.toolbarName", "BittorrentBar_FR "); =>Hijacker.SmartBar
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.startPage", "userChanged");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.toolbarBornServerTime", "17-10-2012");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.toolbarCurrentServerTime", "14-9-2013");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.toolbarLoginClientTime", "Thu Mar 14 2013 16:51:29 GMT+0100");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852.upgradeFromClearSBVersion", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("CT2849852_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379180754061,\"isWithState\"[...]
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.apn_dbr", "ff_3.5.19");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.cbid", "EW");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.config-updated", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.crumb", "2012.09.28+04.34.07-toolbar009iad-DZ-QWxnaWVycyxBbGdlcmlh");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.default-channel-url-mask", "http://fr.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.dtid", "YYYYYYYYDZ");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "AGXX0001");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.ff19-config-first-run", "true");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.first-launch-url", "http://fr.xfire.com/profile/noobdz");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.first-restart-after-config-update", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.fresh-install", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.guid", "1a306962-1c1c-4c2d-9268-1531c7b6f735");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.hpr", "YES");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.if", "first");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.keyword-toggled-in-session", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.last-config-req", "1415368686122");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.locale", "fr_FR");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.location", "Algiers,Algeria");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.nero.userName", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.nthp", "YES");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.nthp_prev", "0");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.o", "101913");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.r", "21");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.sa", "YES");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.saguid", "69D055C2-F77A-40BB-B373-B562A402BDE3");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.search-suggestions-enabled", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.silent-upgrade", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.themeid", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.timeinstalled", "28/09/2012 13:36:37");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.v", "3.15.25.100013");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.asktb.version", "5.15.25.44892");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.crossrider.bic", "1496b23b33c9d2129d49c03a830abe92"); =>PUP.CrossRider
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.dfltLng", "fr");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.id", "7c3890b300000000000000ff8e49185b");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.instlDay", "15904");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.vrsn", "1.8.21.5");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.vrsnTs", "1.8.21.518:52:45");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta.vrsni", "1.8.21.5");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta_i.babExt", "");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=4947");
O69 - SBI: prefs.js [win - tcx141si.default] user_pref("extensions.delta_i.srcExt", "ss");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {93A831D2-6C74-41CD-B2AC-10664F58B828} [DefaultScope] - (Alnaddy) - http://www.alnaddy.com =>Hijacker.Alnaddy
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (BittorrentBar_FR Customized Web Search) - http://search.conduit.com =>P2P.BitTorrent
O69 - SBI: SearchScopes [HKCU] {EDD7B81A-C6D9-4823-BAF0-773776A91571} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.A719B9EE6116B496F4000C0B1311EA13] [SPRF][06/10/2012] (...) -- C:\Users\win\AppData\Roaming\PnkBstrK.sys [22328]
[MD5.F5B870E40BC12B65513E543A0F8D68B9] [SPRF][17/06/2013] (...) -- C:\Users\win\AppData\Roaming\room_v3.dat [45270]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{697A1193-B411-4C28-805B-8544BFC473A8}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BA6915BF-9623-4016-B64F-F80B862E4021}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_15de.ico =>Toolbar.Ask
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5c55ddd1bd3cbe42]:version="2.6.1339.144"
[HKLM\Software\5c55ddd1bd3cbe42]:version="2.6.1339.144"
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\alnaddyToolbar_all_1_RASAPI32 =>Hijacker.Alnaddy
HKLM\SOFTWARE\Microsoft\Tracing\alnaddyToolbar_all_1_RASMANCS =>Hijacker.Alnaddy
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 =>Toolbar.AskBar
HKLM\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS =>Toolbar.AskBar
HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 =>Toolbar.AskBar
HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS =>Toolbar.AskBar
HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32 =>P2P.GoforFiles
HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS =>P2P.GoforFiles
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_carnotes_2_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_carnotes_2_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\UpdateCheckerApp_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Microsoft\Tracing\UpdateCheckerApp_RASMANCS =>Adware.SmileyBar
~ BTK: 246 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{0842E22B-BF8F-4307-86F7-F812FB90BC62}] (BittorrentBar_FR API Server) =>P2P.BitTorrent
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
[HKCR\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}] (BittorrentBar_FR Toolbar) =>P2P.BitTorrent
~ BCK: 5323 Legitimates Filtered in 00mn 11s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/05/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/10/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Demand 28/10/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe =>PUP.GlobalUpdate
SS - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Demand 04/08/2012 311448 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 10/07/2013 559016 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 31/05/2012 218880 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/10/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Demand 01/09/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 28/10/2012 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 07/02/2014 5093216 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:30/08/2012 - 18:45:45 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [477240]
~ Emulateurs: Scanned in 00mn 15s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/2014)
Clés trouvées (Keys found) : 95
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 25
Fichiers trouvés (Files found) : 32

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF79F67A-6AD7-4715-A0F8-932FCA442023}] =>Toolbar.Conduit^
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate] =>PUP.GlobalUpdate^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popajar, inc UpdateChecker] =>Adware.SmileyBar^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Adware.iWinArcade
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\BittorrentBar_FR] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\BittorrentBar_FR] =>Toolbar.Conduit
[HKLM\Software\BittorrentBar_FR] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\Babylon_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\Babylon_RASMANCS] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_FR Toolbar] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKCU\Software\Alnaddy.com] =>Hijacker.Alnaddy
[HKLM\Software\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl] =>Adware.SimilarSites
[HKLM\Software\Microsoft\Internet Explorer\extensions\{807DF5E0-4EF7-48a8-A405-239F3E29FFA9}] =>Adware.SimilarSites
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{D651E893-3D08-458D-A242-0E6B862E6507}] =>Hijacker.Alnaddy
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}] =>Toolbar.SimilarSites
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\Toolbar.CT2849852] =>Toolbar.Conduit
[HKCU\Software\Classes\keepmysearch] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622082204}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{ef79f67a-6ad7-4715-a0f8-932fca442023} =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{ef79f67a-6ad7-4715-a0f8-932fca442023} =>Toolbar.Conduit^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:TBHostSupport =>Toolbar.Conduit^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\extensions\ffxtlbr@alnaddyToolbar.com =>Hijacker.Alnaddy^
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\extensions\ffxtlbr@searchgol.com =>Hijacker.SearchGol^
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\extensions\toolbar@ask.com =>Toolbar.Ask^
C:\Program Files\Babylon =>PUP.Babylon^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\Users\win\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\win\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\win\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\win\AppData\Roaming\searchgol =>Hijacker.SearchGol^
C:\Users\win\AppData\Local\Popajar =>Toolbar.Conduit^
C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender =>Hijacker.Eazel^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Program Files\BittorrentBar_FR =>Toolbar.Conduit
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\SimilarSites =>Adware.SimilarSites
C:\Users\win\AppData\Roaming\SimilarSites =>Adware.SimilarSites
C:\Users\win\AppData\Local\AskToolbar =>Toolbar.AskTBar
C:\Users\win\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\win\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\win\AppData\LocalLow\BittorrentBar_FR =>Toolbar.Conduit
C:\Users\win\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\win\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\win\AppData\Local\Temp\BittorrentBar_FR =>Toolbar.Conduit
C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\Smartbar =>Hijacker.SmartBar
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\tcx141si.default\bprotector_prefs.js =>PUP.BProtector
C:\Users\win\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe =>Adware.SmileyBar^
C:\Users\win\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent^
C:\Users\win\AppData\Roaming\BabSolution\Shared\BabMaint.exe =>Hijacker.BabSolution^
C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-1.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-11.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-2.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-4.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-5.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-5_user.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-6.job =>PUP.CrossRider^
C:\Windows\Tasks\2d0e2975-42e4-4ce5-afe6-c06d3bcd4617-7.job =>PUP.CrossRider^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore =>PUP.GlobalUpdate^
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>PUP.GlobalUpdate^
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA =>PUP.GlobalUpdate^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Popajar] =>Toolbar.Conduit^
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^
[HKCU\Software\Tbccint_HKLM] =>Toolbar.Conduit^
[HKCU\Software\searchgol] =>Hijacker.SearchGol^
[HKLM\Software\35fcc579-b431-4baf-ab6d-47b0ba44456e] =>PUP.CrossRider^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKCR\CLSID\{0842E22B-BF8F-4307-86F7-F812FB90BC62}] (BittorrentBar_FR API Server) =>P2P.BitTorrent^
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher) =>PUP.GlobalUpdate^
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin) =>PUP.GlobalUpdate^
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
[HKCR\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}] (BittorrentBar_FR Toolbar) =>P2P.BitTorrent^
~ Additionnel Scan: 291292 Items scanned in 01mn 02s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/hijacker-alnaddy =>Hijacker.Alnaddy
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/hijacker-searchgol =>Hijacker.SearchGol
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskTBar
http://nicolascoolman.fr/adware-iwinarcade =>Adware.iWinArcade
http://nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/adware-pricegong =>Adware.PriceGong
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/pup-bprotector =>PUP.BProtector
http://www.nicolascoolman.fr/blog/ =>Toolbar.SimilarSites
http://www.nicolascoolman.fr/blog/ =>Adware.ShopperReports
http://www.nicolascoolman.fr/blog/ =>Adware.GameSpyArcade
~ MSI: 27 link(s) detected in 00mn 00s



~ 935 Legitimates filtered by white list
End of the scan (946 lines in 04mn 39s)(0)
