~ Rapport de ZHPDiag v2015.5.31.53 - Nicolas Coolman (31/05/2015)
~ Lancé par Remy (1/06/2015 15:52:14)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17420
MFIE: Mozilla Firefox 38.0.1
GCIE: Google Chrome v43.0.2357.81 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Norton Internet Security v21.7.0.11
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2810 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 82 GB (69%) free of 117 GB

---\\ Mode de connexion au système
~ Computer Name: REMY-PC
~ User Name: Remy
~ All Users Names: Remy, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Remy\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Remy\AppData\Roaming\
~ %Desktop% : C:\Users\Remy\Desktop\
~ %Favorites% : C:\Users\Remy\Favorites\
~ %LocalAppData% : C:\Users\Remy\AppData\Local\
~ %StartMenu% : C:\Users\Remy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 82 Go of 117 Go)
D: Hard drive, Flash drive, Thumb drive (Free 151 Go of 181 Go)
O: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.21/11/2010 - 04:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.6FC2819A4F80AAB2DADEDFC1EFEE3C3F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.6/11/2014 - 03:17:24.) -- C:\Windows\System32\wininet.dll [2365440]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 03:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 04:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
Mes images (My Pictures) : 2/2 (Modified)
~ Mes musiques (My Musics) : 1/33
~ Mes Videos (My Videos) : 2/3
~ Mes Documents (My Documents) : 1/30
~ Mon Bureau (My Desktop) : 0/784
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.0B9296AC65C6F3F32E3337490F4BEC67] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336] [PID.964]
[MD5.265EDDB526D442292FECFFB5B10BA41D] - (...) -- C:\Users\Remy\AppData\Local\gmsd_be_212\upgmsd_be_212.exe [3285448] [PID.3728]
[MD5.B68A736C8BD8B448DAF65FB946D57F58] - (...) -- C:\Users\Remy\AppData\Roaming\cacaoweb\cacaoweb.exe [500528] [PID.4308] =>PUP.CacaoWeb
[MD5.08DDBF4A23DE9FFC0E237DCD20393A01] - (.Amolto - Amolto Call Recorder for Skype.) -- C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe [11940488] [PID.4328]
[MD5.7ED4772FE3CBA02E4B91140C9BD29452] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31283328] [PID.4336]
[MD5.8226F3C7ADA7E82E1F3673AEE516FF25] - (.Overwolf LTD - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe [41200] [PID.4360]
[MD5.E57E2B81EF0463738007CF89664F78CD] - (.Skillbrains - Lightshot.) -- C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe [477184] [PID.4448] =>PUP.SkillBrains
[MD5.7CDEAF14BB302E1E57876E1B85E36B27] - (...) -- C:\Program Files (x86)\gmsd_be_212\gmsd_be_212.exe [3979944] [PID.3728]
[MD5.8EFCAC04EA71727EE22260E326FB8DEC] - (.Overwolf LTD - Overwolf Helper.) -- C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe [78064] [PID.1824]
[MD5.C4EF32C1C0473392EF4204890AF8E457] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896] [PID.388]
[MD5.F3198BA5BA8CC86D3F2DEA8C2ACA7385] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8212992] [PID.6024]
[MD5.2870CE9BFD6BA66FB0FFC6D11C9E41A7] - (.Arcai.com - Arp Intelligent Protection Service.) -- C:\Program Files (x86)\netcut\services\AIPS.exe [262144] [PID.1088]
[MD5.FECA9F830A5C6BAB9978E6781A26AE2B] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816] [PID.1860]
[MD5.5B33709F7FE59BB625F113EED86AFC5C] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672] [PID.1904]
[MD5.6EC042A004268B3EA2FB96D939303095] - (.TeamViewer GmbH - TeamViewer 10.) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792] [PID.2460]
[MD5.23E65CFFB215D4A2A3DCA8E8A0017E5B] - (.CyberGhost S.R.L - CyberGhost VPN Service.) -- C:\Program Files\CyberGhost 5\Service.exe [63968] [PID.1780]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Remy\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\prefs.js
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\user.js
M3 - MFPP: Plugins - [Remy] -- C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [Remy] -- C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [Remy] -- C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\searchplugins\buenosearch.xml =>PUP.BuenoSearch
M2 - MFEP: RegExtension {5544A401-3DE8-5130-0859-BDA66FD7D136} . (...) -- C:\Program Files (x86)\ver5Re-markit\178.xpi =>PUP.ReMarkIt
M2 - MFEP: prefs.js [Remy - d7qxodck.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.34 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [Remy - d7qxodck.default\{1AE2033C-C518-0D7C-E250-6ABAA6D9F67D}] [] Ask New Tabs v5.0.0.12144 (..) =>Adware.Bandoo
M2 - MFEP: prefs.js [Remy - d7qxodck.default\{d1dac034-9fd9-4c13-a388-d2e10e57707f}] [] Movies Toolbar (Dist. by Bandoo Media, Inc.) v1.8.1.0 (..) =>PUP.MoviesToolbar
M2 - MFEP: Extension [Remy - d7qxodck.default] bingsearch.full@microsoft.com
M2 - MFEP: Extension [Remy - d7qxodck.default] cacaoweb@cacaoweb.org =>PUP.CacaoWeb
M2 - MFEP: Extension [Remy - d7qxodck.default] {1AE2033C-C518-0D7C-E250-6ABAA6D9F67D}
M2 - MFEP: Extension [Remy - d7qxodck.default] {d1dac034-9fd9-4c13-a388-d2e10e57707f}
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\ddg.xml
~ Firefox Browser: 34 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com =>PUP.Istart
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.Istart
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (22)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com =>PUP.Istart
O4 - GS\QuickLaunch [Remy]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
O4 - GS\Program [Remy]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
O4 - GS\SystemTools [Remy]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
O4 - GS\Desktop [Remy]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Remy\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 5 Legitimates Filtered in 00mn 07s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [FAHConsole] . (.Nico Mak Computing - File Association Helper.) -- C:\Program Files\File Association Helper\FAHConsole.exe
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [18.exe] . (.Wm5n4 - j3GYi05Sf.) -- C:\Users\Remy\AppData\RoamingMicrosoft\System\Services\18.exe
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Remy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Remy\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [AmoltoRecorder] . (.Amolto - Amolto Call Recorder for Skype.) -- C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
O4 - HKCU\..\Run: [Overwolf] . (.Overwolf LTD - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
O4 - HKLM\..\Wow6432Node\Run: [Lightshot] . (.Pas de propriétaire - Starter Module.) -- C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe =>PUP.SkillBrains
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\Cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [gmsd_be_212] . (...) -- C:\Program Files (x86)\gmsd_be_212\gmsd_be_212.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [upgmsd_be_212.exe] . (...) -- C:\Users\Remy\AppData\Local\gmsd_be_212\upgmsd_be_212.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [18.exe] . (.Wm5n4 - j3GYi05Sf.) -- C:\Users\Remy\AppData\RoamingMicrosoft\System\Services\18.exe
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [cacaoweb] . (...) -- C:\Users\Remy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Remy\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [AmoltoRecorder] . (.Amolto - Amolto Call Recorder for Skype.) -- C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
O4 - HKUS\S-1-5-21-1290245961-2287840350-3966946809-1000\..\Run: [Overwolf] . (.Overwolf LTD - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E786FB-1878-4AD6-9A91-308D3EABE280}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9F3926-E88A-422D-9B26-711110A86FFB}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{21E786FB-1878-4AD6-9A91-308D3EABE280}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF9F3926-E88A-422D-9B26-711110A86FFB}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{21E786FB-1878-4AD6-9A91-308D3EABE280}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{DF9F3926-E88A-422D-9B26-711110A86FFB}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.88.203.3 62.197.111.140
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\MOVIES~1\Datamngr\x64\mgrldr.dll (.not file.) =>PUP.Datamngr
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) . (...) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (.not file.) =>PUP.MoviesToolbar
~ Services: 11 Legitimates Filtered in 00mn 12s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (6)\*) - File not found
O34 - HKLM BootExecute: (O\*) - File not found
O34 - HKLM BootExecute: (OODons\*) - File not found
O34 - HKLM BootExecute: (s\*) - File not found
O34 - HKLM BootExecute: (OOe) - File not found
O34 - HKLM BootExecute: (L) - File not found
O34 - HKLM BootExecute: (OO) - File not found
O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (x64).) -- C:\Windows\System32\OODBS.exe
~ BEX: 9 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [FoxTab] (...) -- C:\Users\Remy\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.B4F3E62D206CEC7F558325E54FB97433] [APT] [Overwolf Updater Task] (.Overwolf LTD.) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [999152]
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-S-1-5-21-1290245961-2287840350-3966946809-1000] (...) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [105760] =>PUP.SkillBrains
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-sys] (...) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [105760] =>PUP.SkillBrains
[MD5.00000000000000000000000000000000] [APT] [{254C0214-1BD0-494F-869F-A66CE4CD5F88}] (...) -- C:\Users\Remy\Documents\Downloads\trilogyi.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33F6C2B9-46D8-4B98-83AB-CC48B95051C0}] (...) -- C:\Users\Remy\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.Istart
[MD5.00000000000000000000000000000000] [APT] [{37FC737A-DE65-471A-BB94-6FA816B4AF42}] (...) -- C:\Users\Remy\Documents\Downloads\pulsingcolorsviz.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B38DBA3-25CB-4618-8664-A7F64986BAB1}] (...) -- C:\Users\Remy\Documents\Downloads\blazingcolorsviz.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{84158B8A-EA4A-497A-8497-101D08088F71}] (...) -- C:\Users\Remy\Desktop\Virus (1)\Downloads\cain20.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CA9EBEDC-EDD8-4D91-A5AB-0923E210722E}] (...) -- E:\Remy\sp55063.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DFD2CC0D-07A7-4394-A606-F8DCDEF82940}] (...) -- C:\Program Files (x86)\RocketDock\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F364397A-657C-439E-8D8A-D1B6AE0708AF}] (...) -- C:\Users\Remy\Desktop\Virus (1)\Downloads\windows-live-movie-maker_16-4-3528-0331_fr_295896.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FF8A7268-991A-43F5-910A-86501579D420}] (...) -- C:\Users\Remy\Desktop\Virus (1)\Downloads\cain20 (2).exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\Tasks\Bidaily Synchronize Task[3c32].job [338] =>PUP.BidailySync
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[3c32] [338] =>PUP.BidailySync
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1290245961-2287840350-3966946809-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1290245961-2287840350-3966946809-1000UA [924]
O39 - APT: FoxTab - (...) -- C:\Windows\Tasks\FoxTab.job [284]
O39 - APT: FoxTab - (...) -- C:\Windows\System32\Tasks\FoxTab [284]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: update-S-1-5-21-1290245961-2287840350-3966946809-1000 - (...) -- C:\Windows\Tasks\update-S-1-5-21-1290245961-2287840350-3966946809-1000.job [386]
O39 - APT: update-S-1-5-21-1290245961-2287840350-3966946809-1000 - (...) -- C:\Windows\System32\Tasks\update-S-1-5-21-1290245961-2287840350-3966946809-1000 [386]
O39 - APT: update-sys - (...) -- C:\Windows\Tasks\update-sys.job [386]
O39 - APT: update-sys - (...) -- C:\Windows\System32\Tasks\update-sys [386]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 11s



---\\ Logiciels installés (O42)
O42 - Logiciel: Lost In Space version 1.0 - (.RainbowJoystick.com.) [HKLM][64Bits] -- {A75A0870-2EAB-4B6C-AC2C-2BA64C326CAC}_is1
~ Logic: 19 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amolto]
[HKCU\Software\BatBrowse] =>PUP.BatBrowse
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstallPath]
[HKCU\Software\Popajar] =>Toolbar.Conduit
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Wow6432Node\BatBrowse] =>PUP.BatBrowse
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
~ Key Software: 268 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/11/2014 - 16:55:50 - [] ----D C:\Program Files (x86)\0ca45c95134d
O43 - CFD: 27/04/2015 - 21:41:47 - [] ----D C:\Program Files (x86)\BatBrowse =>PUP.BatBrowse
O43 - CFD: 7/02/2015 - 04:42:04 - [] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 31/05/2015 - 17:18:19 - [] ----D C:\Program Files (x86)\gmsd_be_212
O43 - CFD: 16/05/2015 - 11:30:06 - [] ----D C:\Program Files (x86)\GUM1B9B.tmp
O43 - CFD: 23/11/2014 - 16:55:50 - [] ----D C:\Program Files (x86)\LostInSpace
O43 - CFD: 12/12/2014 - 20:05:35 - [] ----D C:\Program Files (x86)\ver5Re-markit =>PUP.ReMarkIt
O43 - CFD: 2/09/2014 - 00:51:14 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 10/10/2014 - 20:41:43 - [] ----D C:\ProgramData\APN
O43 - CFD: 17/03/2014 - 01:27:50 - [0] ----D C:\ProgramData\BitGuard =>PUP.BitGuard
O43 - CFD: 17/03/2014 - 01:27:50 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 17/03/2014 - 01:27:50 - [0] ----D C:\ProgramData\BrowserProtect =>Hijacker.Eazel
O43 - CFD: 31/05/2015 - 23:17:00 - [] ----D C:\ProgramData\{5ade0a4b-01c8-1bf8-5ade-e0a4b01c292c}
O43 - CFD: 5/11/2013 - 13:57:45 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 23/11/2014 - 16:55:59 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost In Space
O43 - CFD: 12/04/2011 - 10:49:50 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 15/04/2015 - 21:17:33 - [] ----D C:\Users\Remy\AppData\Roaming\Amolto
O43 - CFD: 10/04/2015 - 18:49:12 - [] ----D C:\Users\Remy\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 4/11/2013 - 23:30:44 - [] ----D C:\Users\Remy\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 7/03/2015 - 00:02:27 - [] ----D C:\Users\Remy\AppData\Local\Amolto
O43 - CFD: 7/03/2015 - 00:02:51 - [0] ----D C:\Users\Remy\AppData\Local\AmoltoCallRecorder
O43 - CFD: 5/11/2013 - 13:55:13 - [0] ----D C:\Users\Remy\AppData\Local\Conduit
O43 - CFD: 20/05/2014 - 22:59:02 - [] ----D C:\Users\Remy\AppData\Local\den
O43 - CFD: 16/07/2014 - 16:09:32 - [] ----D C:\Users\Remy\AppData\Local\det
O43 - CFD: 1/12/2014 - 21:54:42 - [] -SH-D C:\Users\Remy\AppData\Local\EmieBrowserModeList
O43 - CFD: 1/06/2015 - 15:01:25 - [] ----D C:\Users\Remy\AppData\Local\gmsd_be_212
O43 - CFD: 30/05/2015 - 14:42:40 - [] ----D C:\Users\Remy\AppData\Local\GVSE
O43 - CFD: 4/03/2014 - 20:32:50 - [0] ----D C:\Users\Remy\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 24/05/2014 - 13:57:41 - [] ----D C:\Users\Remy\AppData\Local\TB
O43 - CFD: 27/04/2014 - 13:41:00 - [] ----D C:\Users\Remy\AppData\Local\WeeebStore
O43 - CFD: 7/03/2015 - 00:02:12 - [] ----D C:\Users\Remy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amolto
~ Program Folder: 247 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C752468A48496B723291CE5CF671F4D9] - 1/06/2015 - 13:56:44 ---A- . (...) -- C:\Windows\System32\oodbs.lor [620925]
~ Files: 11 Legitimates Filtered in 00mn 42s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.SafeGuard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 12 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\Remy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O53 - SMSR:HKLM\...\startupreg\LightShot [Key] . (...) -- C:\Users\Remy\AppData\Local\Skillbrains\lightshot\Lightshot.exe (.not file.) =>PUP.SkillBrains
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:26/02/2013 - 16:34:06 ---A- . (.Windows (R) Win 7 DDK provider - Kinoni Virtual Audio Device.) -- C:\Windows\System32\Drivers\kinonivad.sys [23040]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2013 - 13:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
O58 - SDL:1/09/2014 - 23:34:44 ---A- . (.Corsica - Web Instrumentation Driver.) -- C:\Windows\System32\Drivers\webinstr.sys [58040]
~ Drivers: 52 Legitimates Filtered in 00mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 1/09/2014 - C:\Windows\system32\Drivers\webinstr.sys (webinstr) .(.Corsica - Web Instrumentation Driver.) - LEGACY_WEBINSTR
~ Legacy: 102 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com =>PUP.Istart
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) =>PUP.Torch
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Bueno Search) - http://www.buenosearch.com =>PUP.BuenoSearch
O69 - SBI: SearchScopes [HKCU] {1144596A-00F7-47C7-8EC7-BA084A81FB23} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com =>PUP.uTorrentBar
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (istartsurf) - http://www.istartsurf.com =>PUP.Istart
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://nortonsafe.search.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A30FB4C243ADDB49BB4DDB974A4B888] [SPRF][29/07/2014] (.Wm5n4 - j3GYi05Sf.) -- C:\Users\Remy\AppData\Roaming\msconfig.exe [837248]
[MD5.AB11A6A7E1C011AD19BF674A01ACC2D5] [SPRF][22/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Remy\Desktop\µtorrent.exe [1130576] =>P2P.BitTorrent
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{FE8BDE6B-C6F7-4E01-8250-5018D998DDA3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Remy\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{EEBDF0C0-012F-49CC-8311-D653665C4740}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Remy\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smileyswelove_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_cdn_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SmileysWeLove_SetupS_cdn_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBatBrowse_RASAPI32 =>PUP.BatBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBatBrowse_RASMANCS =>PUP.BatBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBatBrowse_RASAPI32 =>PUP.BatBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBatBrowse_RASMANCS =>PUP.BatBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 153 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{B5371616-B127-B89D-7185-99318D3F0F93}] (Re-markit) =>PUP.ReMarkIt
~ BCK: 4440 Legitimates Filtered in 00mn 23s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 22/07/1658 0 | (DatamngrCoordinator) . (...) - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe =>PUP.MoviesToolbar
SS - | Auto 24/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 4/05/2015 999152 | (OverwolfUpdater) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/07/2011 262144 | (AIPS) . (.Arcai.com.) - C:\Program Files (x86)\netcut\services\AIPS.exe
SR - | Auto 30/04/2013 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 29/04/2013 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 21/05/2015 63968 | (CGVPNCliService) . (.CyberGhost S.R.L.) - C:\Program Files\CyberGhost 5\Service.exe
SR - | Auto 18/02/2011 2372096 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 10/04/2015 2823496 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 7/03/2015 276336 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
SR - | Auto 4/10/2011 3271496 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SR - | Auto 28/11/2014 5419792 | (TeamViewer) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
SR - | Auto 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 31s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (31/05/2015)
Clés trouvées (Keys found) : 23
Valeurs trouvées (Values found) : 7
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 17

[HKLM\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator] =>PUP.MoviesToolbar^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] =>PUP.CacaoWeb^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\LightShot] =>PUP.SkillBrains^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>PUP.Conduit
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes] =>PUP.Conduit
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] =>Toolbar.Ask
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Lightshot =>PUP.SkillBrains^
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\extensions\{1AE2033C-C518-0D7C-E250-6ABAA6D9F67D} =>Adware.Bandoo^
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f} =>PUP.MoviesToolbar^
C:\Program Files (x86)\BatBrowse =>PUP.BatBrowse^
C:\Program Files (x86)\ver5Re-markit =>PUP.ReMarkIt^
C:\ProgramData\BitGuard =>PUP.BitGuard^
C:\ProgramData\BrowserProtect =>Hijacker.Eazel^
C:\Users\Remy\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\Remy\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\Remy\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Program Files (x86)\Conduit =>PUP.Conduit
C:\ProgramData\Browser Manager =>PUP.Babylon
C:\Users\Remy\AppData\Local\Conduit =>PUP.Conduit
C:\Users\Remy\AppData\LocalLow\Conduit =>PUP.Conduit
C:\Users\Remy\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb^
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe =>PUP.SkillBrains^
C:\Users\Remy\AppData\Roaming\Mozilla\Firefox\Profiles\d7qxodck.default\Extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe =>PUP.SkillBrains^
C:\Windows\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
C:\Windows\System32\Tasks\Bidaily Synchronize Task =>PUP.BidailySync^
[HKCU\Software\BatBrowse] =>PUP.BatBrowse^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\Popajar] =>Toolbar.Conduit^
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Wow6432Node\BatBrowse] =>PUP.BatBrowse^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) =>PUP.Torch^
C:\Users\Remy\Desktop\µtorrent.exe =>P2P.BitTorrent^
[HKCR\CLSID\{B5371616-B127-B89D-7185-99318D3F0F93}] (Re-markit) =>PUP.ReMarkIt^
~ Additionnel Scan: 202200 Items scanned in 00mn 46s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://www.nicolascoolman.fr/blog/ =>PUP.SkillBrains
http://nicolascoolman.fr/pup-buenosearch =>PUP.BuenoSearch
http://nicolascoolman.fr/pup-remarkit =>PUP.ReMarkIt
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-moviestoolbar =>PUP.MoviesToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://www.nicolascoolman.fr/blog/ =>PUP.BidailySync
http://nicolascoolman.fr/pup-batbrowse =>PUP.BatBrowse
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/blog/ =>PUP.SafeGuard
http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://www.nicolascoolman.fr/blog/ =>PUP.Torch
http://www.nicolascoolman.fr/blog/ =>PUP.uTorrentBar
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
~ MSI: 35 link(s) detected in 00mn 00s



~ 961 Legitimates filtered by white list
End of the scan (695 lines in 04mn 46s)(0.11)
