~ Rapport de ZHPDiag v2015.6.16.57 - Nicolas Coolman (16/06/2015)
~ Lancé par David (26/06/2015 18:30:37)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://www.forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17843

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : DFCKX
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système
CCleaner v5.04

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 18 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8140 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 741 GB (79%) free of 931 GB

---\\ Mode de connexion au système
~ Computer Name: DAVID-PC
~ User Name: David
~ All Users Names: UpdatusUser, David, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\David\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\David\AppData\Roaming\
~ %Desktop% : C:\Users\David\Desktop\
~ %Favorites% : C:\Users\David\Favorites\
~ %LocalAppData% : C:\Users\David\AppData\Local\
~ %StartMenu% : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 741 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/05/2015 - 18:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/39028
~ Mes musiques (My Musics) : 5/220
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 1/16
~ Mon Bureau (My Desktop) : 2/1344
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 16s



---\\ Processus lancés
[MD5.FD8AA90A78160E4374EE44D892E0DE3A] - (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [536576] [PID.2944]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696] [PID.2952]
[MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968] [PID.2076]
[MD5.761D8D6B74782F5A23142AABD9A80684] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480] [PID.2464]
[MD5.60F348942A3D537DBF9FB5B59DDE23CC] - (...) -- C:\Program Files (x86)\PenWes\dnshelper.exe [982016] [PID.1128]
[MD5.C773F1B6EE4D7A29AE0AF1EC1570E030] - (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224] [PID.2176]
[MD5.98FA788238E71D9563D4BF177A4FC22C] - (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe [813896] [PID.2768]
[MD5.4D1DA8CE5E364D22B4FF00F163194514] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.3224]
[MD5.FDB2FB392B20797AF3F4ED9D7699938E] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3320]
[MD5.50650A6B920C576FC1C8266E17DD28BD] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480] [PID.5632]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8218112] [PID.7000]
[MD5.A9D26626BEADF5A0641BF6B5095EF309] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.980]
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048] [PID.1092] =>PUP.Elex
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe [118048] [PID.1176] =>PUP.Elex
[MD5.311AE21913FE3FB0C391CFC3A797324F] - (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe [426160] [PID.1764] =>Adware.D365
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1108]
[MD5.A542C712794FB8FBD27E37271C730F36] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82112] [PID.2356]
[MD5.D75A41E9D515D061ABD0D542157E0780] - (.Freemake - FreemakeUtilsService.) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888] [PID.2472]
[MD5.65C2D3C4BAE4C0EF1CD92BBC8BB57F2B] - (.Ellora Assets Corp. - CaptureLibService.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216] [PID.3760]
[MD5.3508984B2B45F48C15B495E87CBFE5C5] - (.Garmin Ltd. or its subsidiaries - Garmin Service.) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [717768] [PID.3960]
[MD5.F46458404BA3728430ACB7EC1E371E59] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.4432]
[MD5.468F7516B4030603BA9D1427CCEACDF9] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.4552]
[MD5.40D7D0A208EE863BCA8D89E299216F15] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864] [PID.4612]
[MD5.610FB042ACDDD74BABF934BF229439A4] - (...) -- C:\Program Files (x86)\PenWes\DNSService.exe [1655808] [PID.4692]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe [81920] [PID.4720]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.4792]
[MD5.1F35EFEC56CD1BF62435EAF97EABC3B3] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13632] [PID.6712]
[MD5.B114B200CCDEBC7EBD8EF5D783819386] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.6720]
[MD5.AA130938A27BB80A8B6438EF83232275] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1364256] [PID.348]
[MD5.6617E7CC9DC6729A11BFF54C47CEA7D0] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4608]
[MD5.16DF912A1C88B7AE46E907661F31AA77] - (.Intel Corporation - Intel® SBA WindowsService.) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376] [PID.5912]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [David - r1jogmt7.default-1399481810494\{737cd3ee-f9fe-48c1-89f5-74d7ba5ee1f3}] [] Start Page v2.7 (..)
M2 - MFEP: Extension [David - r1jogmt7.default-1399481810494] pdfforge@mybrowserbar.com =>Adware.WidgiToolbar
M2 - MFEP: Extension [David - r1jogmt7.default-1399481810494] staged
M2 - MFEP: Extension [David - r1jogmt7.default-1399481810494] {737cd3ee-f9fe-48c1-89f5-74d7ba5ee1f3}
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com =>PUP.V9Software
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com =>PUP.V9Software
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com =>PUP.V9Software
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com =>PUP.V9Software
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com =>PUP.V9Software
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.portaldosites.com =>Hijacker.PortaldoSites
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com =>PUP.V9Software
R3 - URLSearchHook: pdfforge Toolbar [64Bits] - {B922D405-6D13-4A2B-AE89-08A030DA4402} . (...) (No version) -- C:\Program Files (x86)\pdfforge Toolbar\IE\11.3\pdfforgeToolbarIE.dll =>PUP.Dealio
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:56789
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: roockeetdeal [64Bits] - {2AB82514-2DD6-4E65-AA84-E620337125B6} . (...) -- C:\Program Files (x86)\roockeetdeal\010Y33HxmO8441.dll
O2 - BHO: RocketdEal [64Bits] - {739381D9-0AFD-4ED8-991E-662BA249D1A1} . (...) -- C:\Program Files (x86)\RocketdEal\5FfqkLMk9VrlV8.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{32099AAC-C132-4136-9E9A-4E364A424E17} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{32099AAC-C132-4136-9E9A-4E364A424E17} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [David]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com =>PUP.StartSearch
O4 - GS\TaskBar [David]: Unico Browser.lnk . (...) -- C:\Users\David\AppData\Local\UnicoBrowser\Application\unicobrowser.exe (.not file.) =>PUP.UnicoBrowser
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [ASRockXTU] Clé orpheline
O4 - HKCU\..\Run: [zASRockInstantBoot] Clé orpheline
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] . (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin Corporation
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] . (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [IntelSBA] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe
O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [WinCheck] . (...) -- C:\Users\David\AppData\Local\03000200-1428225858-0500-0006-000700080009\bnsp4E32.exe =>PUP.Wincheck
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [ASRockXTU] Clé orpheline
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [zASRockInstantBoot] Clé orpheline
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [PopUpStopperFreeEdition] . (.Panicware, Inc. - Pop-Up Stopper Free Edition.) -- C:\Program Files (x86)\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin Corporation
O4 - HKUS\S-1-5-21-2978129612-837246721-528179015-1000\..\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] . (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B60A7BB6-4178-4A3B-8C2F-4BA3FD78A7FA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: TampaModule (891e9dd5) . (...) - c:\Program Files (x86)\TampaModule\TampaModule.dll
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
O23 - Service: ISCT Always Updated Agent (ISCTAgent) . (.Pas de propriétaire - ISCT Agent Application.) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: DNS Service (PenWesController) . (...) - C:\Program Files (x86)\PenWes\DNSService.exe
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
~ Services: 23 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.2534CEBBDE0BBFB2146E3A9022497C51] [APT] [GarminUpdaterTask] (...) -- C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [25944]
[MD5.60F348942A3D537DBF9FB5B59DDE23CC] [APT] [PenWes] (...) -- C:\Program Files (x86)\PenWes\dnshelper.exe [982016]
[MD5.00000000000000000000000000000000] [APT] [Run_Browser] (...) -- C:\Users\David\AppData\Local\UnicoBrowser\Application\unicobrowser.exe (.not file.) [0] =>PUP.UnicoBrowser
[MD5.7F80234141850FB181A3DC6D3582425C] [APT] [StPrsSW] (...) -- C:\Users\David\AppData\Roaming\StPrsSW\stprss.exe [14336]
[MD5.00000000000000000000000000000000] [APT] [{7AA8577C-11FA-47FD-B37F-61EAA88269C6}] (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5 Portable\Adobe Photoshop CS5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DD21E6D6-A331-47D9-BA7B-0D4C757321DC}] (...) -- C:\Users\David\Downloads\vdownloader_vdownloader_3.9.1195_open_candy_anglais_38422.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2978129612-837246721-528179015-1000Core [1026]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2978129612-837246721-528179015-1000UA [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d [832]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 03s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlMon) . (.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys =>PUP.Elex
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys =>PUP.Elex
O41 - Driver: (uclzbfhy) . (. - .) - C:\Windows\system32\drivers\uclzbfhy.sys (.not file.)
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ambient Aurea - (."".) [HKLM][64Bits] -- {1E38F0E0-5499-CDAF-F946-BA3D053AABC2}
O42 - Logiciel: Anti virus et publicités sur Internet [11355] - (...) [HKLM][64Bits] -- Penwes
O42 - Logiciel: Cloudy for Gmail - (."".) [HKLM][64Bits] -- {144AC25F-D7A7-B233-BFB8-433771ECB92D}
O42 - Logiciel: Mainframe Page Layout - (.Mainframe Page Layout.) [HKLM][64Bits] -- wincheck =>PUP.Wincheck
O42 - Logiciel: Saleprizes - (."".) [HKLM][64Bits] -- {450F78BE-2B5E-C81D-0656-897759985405}
O42 - Logiciel: TampaModule - (.Software Publisher.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5} =>Adware.Graftor
O42 - Logiciel: Vittalia Installer - (.TELECHARGERS.net.) [HKLM][64Bits] -- Vittalia =>PUP.Vittalia
O42 - Logiciel: WebAdSystem - (.KalityWeb.) [HKLM][64Bits] -- {AF59773E-3245-46A3-B418-DD84AB6C3C50} =>Adware.WebAdSystem
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe =>PUP.Elex
O42 - Logiciel: Yontoo 2.052 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo
O42 - Logiciel: bRowseandshop - (."".) [HKLM][64Bits] -- {B54A674B-5B6E-A4E6-4E71-FB7182E9D18F}
O42 - Logiciel: bueyfast - (."".) [HKLM][64Bits] -- {78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}
O42 - Logiciel: ceHaeap4aLol - (."".) [HKLM][64Bits] -- {26453017-2C54-574B-7597-9EA6652686A6}
O42 - Logiciel: roocketdeaul - (."".) [HKLM][64Bits] -- {E0D1F60C-E9D9-15B6-AAE9-066CD1EC25A2}
~ Logic: 37 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\80de8d]
[HKCU\Software\80de8db06ebd48] =>Hijacker.Eazel
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\ArenaHD] =>PUP.CrossRider
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Browser]
[HKCU\Software\Delta]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\HighDefAction] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\KalityWeb] =>Adware.WebAdSystem
[HKCU\Software\ShieldBt]
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\V9]
[HKCU\Software\YorkNewCin] =>PUP.CrossRider
[HKLM\Software\ArenaHD] =>PUP.CrossRider
[HKLM\Software\HighDefAction] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\161c9fc9-6a0a-bc3b-1b09-689614815f53] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\80de8db06ebd48] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Clara]
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\IGS]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\Wow6432Node\KalityWeb] =>Adware.WebAdSystem
[HKLM\Software\Wow6432Node\ORBTR] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\Software\YorkNewCin] =>PUP.CrossRider
~ Key Software: 399 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/05/2015 - 18:56:04 - [] ----D C:\Program Files (x86)\Ambient Aurea
O43 - CFD: 14/04/2015 - 19:53:48 - [0] ----D C:\Program Files (x86)\Assets Manager =>PUP.SystemK
O43 - CFD: 06/06/2015 - 17:58:40 - [] ----D C:\Program Files (x86)\browseandsHop
O43 - CFD: 04/05/2015 - 16:33:27 - [] ----D C:\Program Files (x86)\bueyfast
O43 - CFD: 24/05/2015 - 18:56:13 - [] ----D C:\Program Files (x86)\ceHaeap4aLol
O43 - CFD: 04/05/2015 - 16:34:25 - [] ----D C:\Program Files (x86)\Cloudy for Gmail
O43 - CFD: 01/04/2015 - 19:52:41 - [] ----D C:\Program Files (x86)\Convertisseur YouTube
O43 - CFD: 26/04/2013 - 23:55:29 - [] ----D C:\Program Files (x86)\Delta
O43 - CFD: 05/05/2015 - 19:26:59 - [] ----D C:\Program Files (x86)\Elex-tech =>PUP.Elex
O43 - CFD: 30/04/2013 - 19:52:24 - [] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 08/04/2015 - 19:29:13 - [] ----D C:\Program Files (x86)\PenWes
O43 - CFD: 15/06/2015 - 16:11:09 - [] ----D C:\Program Files (x86)\RocketdEal
O43 - CFD: 06/06/2015 - 19:09:07 - [] ----D C:\Program Files (x86)\roickketdeal
O43 - CFD: 15/06/2015 - 16:10:58 - [] ----D C:\Program Files (x86)\roockeetdeal
O43 - CFD: 15/06/2015 - 16:11:14 - [] ----D C:\Program Files (x86)\roocketdeaul
O43 - CFD: 06/06/2015 - 19:09:07 - [] ----D C:\Program Files (x86)\Saleprizes
O43 - CFD: 15/06/2015 - 16:10:43 - [] ----D C:\Program Files (x86)\Textverter for RussianEnglish keyboard
O43 - CFD: 06/05/2013 - 18:45:01 - [] ----D C:\Program Files (x86)\Vittalia =>PUP.Vittalia
O43 - CFD: 14/04/2015 - 19:48:13 - [0] ----D C:\Program Files (x86)\Common Files\337 =>Hijacker.22Find
O43 - CFD: 15/06/2015 - 16:11:19 - [] ----D C:\ProgramData\13085661328469624040
O43 - CFD: 14/04/2015 - 19:46:04 - [0] ----D C:\ProgramData\4e88125930c74e2aa1d5089ca830e1cf
O43 - CFD: 26/04/2013 - 23:55:18 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 04/05/2015 - 07:39:15 - [0] ----D C:\ProgramData\bc9d387000006597
O43 - CFD: 14/04/2015 - 19:48:56 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 26/06/2015 - 17:34:45 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 08/04/2015 - 19:29:10 - [] ----D C:\ProgramData\Browser
O43 - CFD: 26/04/2015 - 09:07:57 - [0] ----D C:\ProgramData\d0be8b8e00005e7e
O43 - CFD: 11/04/2015 - 12:08:57 - [] ----D C:\ProgramData\ea13102e9eb04ca8847b00834ba06e8e
O43 - CFD: 14/04/2015 - 19:47:29 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 27/04/2015 - 07:03:58 - [] ----D C:\ProgramData\Penwes
O43 - CFD: 07/04/2015 - 09:09:37 - [0] ----D C:\ProgramData\T122078ED
O43 - CFD: 30/04/2013 - 18:33:11 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 14/04/2015 - 19:53:34 - [] ----D C:\ProgramData\ZHAXlYL
O43 - CFD: 14/04/2015 - 19:46:04 - [] ----D C:\ProgramData\{54dba1f1-791c-9d22-54db-ba1f179187c5}
O43 - CFD: 18/04/2015 - 20:21:14 - [] ----D C:\ProgramData\{b0411164-9c3c-9abd-b041-111649c34592}
O43 - CFD: 19/09/2013 - 22:21:58 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 01/04/2015 - 19:19:55 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 08/04/2015 - 19:07:00 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convertisseur YouTube
O43 - CFD: 04/05/2015 - 16:45:46 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio
O43 - CFD: 30/05/2013 - 22:00:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUGBY Down HD
O43 - CFD: 08/04/2015 - 19:07:00 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUGBY Downloader HD
O43 - CFD: 12/04/2011 - 11:27:52 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 23/05/2015 - 09:14:18 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
O43 - CFD: 14/04/2015 - 19:48:29 - [] ----D C:\Users\David\AppData\Roaming\BabSolution =>Hijacker.BabSolution
O43 - CFD: 26/04/2013 - 23:55:18 - [] ----D C:\Users\David\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 01/04/2015 - 19:56:46 - [] ----D C:\Users\David\AppData\Roaming\Convertisseur YouTube
O43 - CFD: 06/05/2013 - 15:55:29 - [] ----D C:\Users\David\AppData\Roaming\eIntaller
O43 - CFD: 05/05/2015 - 19:26:59 - [] ----D C:\Users\David\AppData\Roaming\Elex-tech =>PUP.Elex
O43 - CFD: 08/04/2015 - 19:26:04 - [] ----D C:\Users\David\AppData\Roaming\RHEng =>PUP.Conduit
O43 - CFD: 08/04/2015 - 19:26:04 - [] ----D C:\Users\David\AppData\Roaming\StPrsSW
O43 - CFD: 08/04/2015 - 19:29:08 - [] ----D C:\Users\David\AppData\Local\03000200-1428225858-0500-0006-000700080009
O43 - CFD: 10/04/2015 - 20:16:12 - [] ----D C:\Users\David\AppData\Local\Boxore =>Adware.Boxore
O43 - CFD: 14/04/2015 - 10:53:49 - [] ----D C:\Users\David\AppData\Local\delta
O43 - CFD: 14/11/2014 - 17:52:16 - [] -SH-D C:\Users\David\AppData\Local\EmieBrowserModeList
O43 - CFD: 14/04/2015 - 19:48:38 - [0] ----D C:\Users\David\AppData\Local\KalityWeb =>Adware.WebAdSystem
O43 - CFD: 14/04/2015 - 11:53:42 - [] ----D C:\Users\David\AppData\Local\RtbSync
O43 - CFD: 14/04/2015 - 10:53:40 - [] ----D C:\Users\David\AppData\Local\ShdUpdate
O43 - CFD: 09/06/2013 - 09:55:01 - [] ----D C:\Users\David\AppData\Local\{17B9C6E5-9ABA-4153-B1DF-F963B3449BCD}
O43 - CFD: 01/10/2013 - 15:46:28 - [] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard
O43 - CFD: 08/02/2014 - 09:32:14 - [] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ 16 empty CLSID folders (CLSID Empty Folder)
~ Program Folder: 302 Legitimates Filtered in 00mn 01s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.7CA09731EB7FC99B910C7F239E57720F] - 26/06/2015 - 16:35:31 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
~ Files: 11 Legitimates Filtered in 00mn 02s



---\\ Shell MountPoints2 registry key (MPSK) (O51)
O51 - MPSK:{abf2feef-ae80-11e2-8631-806e6f6e6963}\AutoRun\command. (...) -- D:\ASRSetup.exe (.not file.)
O51 - MPSK:{fee1e9b7-8cd8-11e4-a0dd-bc5ff4691600}\AutoRun\command. (...) -- J:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:10/05/2011 - 15:28:48 ---A- . (.Windows (R) Win 7 DDK provider - ASRock App Charger Driver.) -- C:\Windows\System32\Drivers\AsrAppCharger.sys [17192]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:09/02/2012 - 15:24:14 ---A- . (.Pas de propriétaire - Intel Keyboard Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\ikbevent.sys [25536]
O58 - SDL:09/02/2012 - 15:24:16 ---A- . (.Pas de propriétaire - Intel Mouse Class Upper Filter Driver.) -- C:\Windows\System32\Drivers\imsevent.sys [25536]
O58 - SDL:04/05/2015 - 10:21:09 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O58 - SDL:17/04/2015 - 03:43:55 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O58 - SDL:09/02/2012 - 15:24:16 ---A- . (.Pas de propriétaire - ISCT and IFFS Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [44992]
O58 - SDL:17/05/2011 - 15:44:46 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [44480]
O58 - SDL:14/04/2015 - 18:52:47 ---A- . (...) -- C:\Windows\System32\Drivers\SPPD.sys [21976]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [508472]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/01/2014 - 07:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [206080]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:26/06/2015 - 16:35:31 ---A- . (...) -- C:\Windows\System32\Drivers\WPRO_41_2001.sys [34752]
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 77 Legitimates Filtered in 00mn 01s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 04/05/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL =>PUP.Elex
O64 - Services: CurCS - 04/05/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT =>PUP.Elex
O64 - Services: CurCS - 04/05/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys (iSafeKrnlMon) .(.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - LEGACY_ISAFEKRNLMON =>PUP.Elex
O64 - Services: CurCS - 04/05/2015 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3 =>PUP.Elex
O64 - Services: CurCS - 17/04/2015 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>PUP.Elex
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 26/06/2015 - C:\Windows\System32\drivers\WPRO_41_2001.sys (WPRO_41_2001) .(...) - LEGACY_WPRO_41_2001
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infections in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Yahoo) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {425ED333-6083-428a-92C9-0CFC28B9D1BF} [DefaultScope] - (V9) - http://www.v9.com =>PUP.V9Software
O69 - SBI: SearchScopes [HKCU] {4FCC8FDB-90CD-4cd3-9078-3E0FCD7B9618} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.1AB565CCC0DBB7F03E4715A098F72453] [SPRF][26/04/2013] (...) -- C:\ProgramData\NTUser.dat [262144]
[MD5.FBCE04D7415CC232C30E08BAEF70DEA6] [SPRF][24/06/2015] (...) -- C:\Users\David\AppData\Roaming\appdataFr25.bin [24]
[MD5.C57B6ECBF01B147F6F27E489B7AFD602] [SPRF][12/05/2015] (...) -- C:\Users\David\AppData\Roaming\appdataFr3.bin [20]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Rogue infection search (SRI) (O86)
O43 - CFD: 14/04/2015 - 19:46:04 - [0] ----D C:\ProgramData\4e88125930c74e2aa1d5089ca830e1cf
O43 - CFD: 11/04/2015 - 12:08:57 - [] ----D C:\ProgramData\ea13102e9eb04ca8847b00834ba06e8e
~ Files: Scanned in 00mn 00s



---\\ Enumeration of software product codes (PUC) (O90)
O90 - PUC: "6295B0BED1247E64BAC2747CDBFE9F6D" . (.pdfforge Toolbar v11.3.) -- C:\Windows\Installer\{EB0B5926-421D-46E7-AB2C-47C7BDEFF9D6}\ARPPRODUCTICON.exe =>PUP.Dealio
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export of random registry keys (O91)
[HKCU\Software\80de8db06ebd48\2.6.1339.144\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\2.6.1519.190\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\2.6.1694.246\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:exeName="BitGuard.exe" =>PUP.BitGuard
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:folderName="BitGuard" =>PUP.BitGuard
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:serviceName="BitGuard" =>PUP.BitGuard
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:version="2.6.1673.238" =>Hijacker.Eazel
[HKCU\Software\80de8db06ebd48]:version="2.6.1694.246" =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\80de8db06ebd48]:version="2.6.1694.246" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Search for Tracing registry keys (O100)
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32 =>PUP.StormWatch
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS =>PUP.StormWatch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\delta-homes_RASAPI32 =>Hijacker.DeltaHomes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\delta-homes_RASMANCS =>Hijacker.DeltaHomes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2203-bd84cda8_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASAPI32 =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\netengine_RASMANCS =>PUP.NetEngine
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32 =>PUP.Dealio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS =>PUP.Dealio
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\portaldosites_2404_clean-7185bb28_RASAPI32 =>Hijacker.PortaldoSites
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\portaldosites_2404_clean-7185bb28_RASMANCS =>Hijacker.PortaldoSites
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\softwareupdater_RASAPI32 =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\softwareupdater_RASMANCS =>PUP.Eorezo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\winzipersvc_RASAPI32 =>Adware.D365
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\winzipersvc_RASMANCS =>Adware.D365
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 290 Legitimates Filtered in 00mn 00s



---\\ Search for CLSID registry keys (O101)
[HKCR\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}] (pdfforge Toolbar) =>PUP.Dealio
~ BCK: 4768 Legitimates Filtered in 00mn 06s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 24/06/2015 268976 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 20/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/02/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 04/05/2015 2354176 | (891e9dd5) . (...) - c:\Program Files (x86)\TampaModule\TampaModule.dll
SR - | Auto 12/06/2015 82112 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 26/08/2013 101888 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 26/08/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 21/05/2015 717768 | (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
SR - | Auto 30/05/2012 13632 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 02/02/2012 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 07/02/2012 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 27/02/2012 49376 | (Intel(R) Small Business Advantage) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
SR - | Auto 04/05/2015 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
SR - | Auto 09/02/2012 133632 | (ISCTAgent) . (...) - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
SR - | Auto 07/02/2012 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 07/02/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/04/2015 23816 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 18/02/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 23/10/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/10/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 16/09/2014 1655808 | (PenWesController) . (...) - C:\Program Files (x86)\PenWes\DNSService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 23/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/08/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 07/02/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 04/05/2015 426160 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ List of CD/DVD emulators (MBR Hook)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [508472]
~ Emulators: Scanned in 00mn 07s



---\\ Additional scan (O88)
Database Version : 13008 - (16/06/2015)
Keys found : 177
Values found : 5
Folders found : 23
Files found : 29

[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>PUP.Elex^
[HKLM\SYSTEM\CurrentControlSet\Services\winzipersvc] =>Adware.D365^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck] =>PUP.Wincheck^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}] =>Adware.Graftor^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF59773E-3245-46A3-B418-DD84AB6C3C50}] =>Adware.WebAdSystem^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>PUP.Elex^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo^
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\KalityWeb] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\KalityWeb] =>Toolbar.Agent
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKLM\Software\Wow6432Node\eSafeSecControl] =>PUP.eSafeSecurity
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\Wow6432Node\portaldositesSoftware] =>Hijacker.PortaldoSites
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{B922D405-6D13-4A2B-AE89-08A030DA4402} =>PUP.Dealio^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WinCheck =>PUP.Wincheck^
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{B922D405-6D13-4A2B-AE89-08A030DA4402} =>PUP.Dealio
C:\Program Files (x86)\Assets Manager =>PUP.SystemK^
C:\Program Files (x86)\Elex-tech =>PUP.Elex^
C:\Program Files (x86)\Iminent =>Adware.IMBooster^
C:\Program Files (x86)\Vittalia =>PUP.Vittalia^
C:\Program Files (x86)\Common Files\337 =>Hijacker.22Find^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\David\AppData\Roaming\BabSolution =>Hijacker.BabSolution^
C:\Users\David\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\David\AppData\Roaming\Elex-tech =>PUP.Elex^
C:\Users\David\AppData\Roaming\RHEng =>PUP.Conduit^
C:\Users\David\AppData\Local\Boxore =>Adware.Boxore^
C:\Users\David\AppData\Local\KalityWeb =>Adware.WebAdSystem^
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard =>PUP.BitGuard^
C:\Program Files (x86)\Application Updater =>PUP.Dealio
C:\Program Files (x86)\DAEMON Tools Toolbar =>Toolbar.Agent
C:\Program Files (x86)\pdfforge Toolbar =>Toolbar.Agent
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Program Files (x86)\Optimizer Pro =>PUP.OptimizerPro
C:\Users\David\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\David\AppData\Local\Software =>Adware.Boxore
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r1jogmt7.default-1399481810494\Extensions\pdfforge@mybrowserbar.com =>Toolbar.Agent
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe =>PUP.Elex^
C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\ArenaHD] =>PUP.CrossRider^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKCU\Software\HighDefAction] =>PUP.CrossRider^
[HKCU\Software\Super Optimizer] =>PUP.SuperOptimizer^
[HKCU\Software\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\161c9fc9-6a0a-bc3b-1b09-689614815f53] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ArenaHD] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex^
[HKLM\Software\Wow6432Node\HighDefAction] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\ORBTR] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
[HKLM\Software\Wow6432Node\SpeedBrowser] =>PUP.SpeedBrowser^
[HKLM\Software\Wow6432Node\YorkNewCin] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find^
[HKLM\Software\YorkNewCin] =>PUP.CrossRider^
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\80de8db06ebd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1673.238]:dllName="BitGuard.dll" =>PUP.BitGuard^
[HKCR\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}] (pdfforge Toolbar) =>PUP.Dealio^
~ Additionnel Scan: 263831 Items scanned in 01mn 37s



---\\ Informations complémentaires sur les modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://www.nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://www.nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/pup-elex =>PUP.Elex
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://www.nicolascoolman.fr/27881234-adware-widgitoolbar =>Adware.WidgiToolbar
http://www.nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/hijacker-portaldosites =>Hijacker.PortaldoSites
http://www.nicolascoolman.fr/pup-dealio =>PUP.Dealio
http://www.nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://www.nicolascoolman.fr/blog/ =>PUP.UnicoBrowser
http://www.nicolascoolman.fr/blog/ =>PUP.Wincheck
http://www.nicolascoolman.fr/blog/ =>Adware.Graftor
http://www.nicolascoolman.fr/pup-vittalia =>PUP.Vittalia
http://www.nicolascoolman.fr/adware-webadsystem =>Adware.WebAdSystem
http://www.nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://www.nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://www.nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
http://www.nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://www.nicolascoolman.fr/pup-filescout =>PUP.FileScout
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://www.nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedBrowser
http://www.nicolascoolman.fr/hijacker-22find =>Hijacker.22Find
http://www.nicolascoolman.fr/pup-esafesecurity =>PUP.eSafeSecurity
http://www.nicolascoolman.fr/pup-systemk =>PUP.SystemK
http://www.nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://www.nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://www.nicolascoolman.fr/blog/ =>PUP.NetEngine
http://www.nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://www.nicolascoolman.fr/pup-eorezo =>PUP.Eorezo
http://www.nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://www.nicolascoolman.fr/adware-recordnrip =>Adware.RecordNRip
http://www.nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://www.nicolascoolman.fr/pup-whitesmoke =>PUP.Whitesmoke
http://www.nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://www.nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://www.nicolascoolman.fr/pup-funmoods =>PUP.Funmoods
http://www.nicolascoolman.fr/blog/ =>Toolbar.Freemake
http://www.nicolascoolman.fr/trojan-usyndication =>Trojan.USyndication
http://www.nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://www.nicolascoolman.fr/blog/ =>Toolbar.DaemonTools
~ MSI: 53 link(s) detected in 00mn 00s



~ 1007 Legitimates filtered by white list
End of the scan (1035 lines in 02mn 33s)(0.10)
