~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par Sav (02/06/2015 13:31:44)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 39.0 (Defaut)
GCIE: Google Chrome v43.0.2357.81
OPIE: Opera vStable 29.0.1795.60

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Anti-Virus v15.0.0.463
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1993 MB (8% free)
System Restore: Activé (Enable)
System drive C: has 57 GB (58%) free of 98 GB

---\\ Mode de connexion au système
~ Computer Name: SAV
~ User Name: Sav
~ All Users Names: SAV, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sav.MEDIATEC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Sav.MEDIATEC\AppData\Roaming\
~ %Desktop% : C:\Users\Sav.MEDIATEC\Desktop\
~ %Favorites% : C:\Users\Sav.MEDIATEC\Favorites\
~ %LocalAppData% : C:\Users\Sav.MEDIATEC\AppData\Local\
~ %StartMenu% : C:\Users\Sav.MEDIATEC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 57 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 16 Go of 51 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C235A51CB740E45FFA0EBFB9BAFCDA64] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:39:10.) -- C:\Windows\Explorer.exe [2868224]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 01:41:56.) -- C:\Windows\System32\wininet.dll [1193472]
[MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 - 01:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/118
~ Mes musiques (My Musics) : 1/13
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/29
~ Mon Bureau (My Desktop) : 8/291
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.A446F3898F1CE9989ACB3F6E758E179B] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe [192160] [PID.2968]
[MD5.7ED4772FE3CBA02E4B91140C9BD29452] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31283328] [PID.3284]
[MD5.2433013FD3E14E512ADA657BF2CAD06F] - (.http://yourfiledownloader.net - YourFile Downloader.) -- C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe [972912] [PID.3980] =>PUP.YourFileDownloader
[MD5.B654624161DD7C100ADAF1F0E7BBBF87] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [376944] [PID.12164]
[MD5.96CBCA06825BC911C3A0562BA7A2255E] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [277616] [PID.12304]
[MD5.411837D66846190BDEA7077046EA9038] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe [1894064] [PID.12532]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.13244]
[MD5.058734C95991F6BEBF3D3075B8776234] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552] [PID.1576]
[MD5.FECA9F830A5C6BAB9978E6781A26AE2B] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816] [PID.1616]
[MD5.5B33709F7FE59BB625F113EED86AFC5C] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672] [PID.1660]
[MD5.08F47898814F3E42F3E77F18DFE447E1] - (.Webby - iWebar exe.) -- C:\Program Files (x86)\iWebar\2effc95a-84ba-48de-91c4-42ff5c73c5f8-6.exe [1360896] [PID.2836] =>PUP.CrossRider
[MD5.3ABCD08D9A496A85A685238E9FC5201D] - (.Sense+ - SensePlus exe.) -- C:\Program Files (x86)\SensePlus\8ec860f2-3fd0-4283-8761-b4d9c5580e60-1-6.exe [1408512] [PID.3028]
[MD5.7729B0F4675F627F8B44F4AB8D492BA1] - (.Webby - iWebar exe.) -- C:\Program Files (x86)\iWebar\2effc95a-84ba-48de-91c4-42ff5c73c5f8-1-6.exe [1408512] [PID.3968] =>PUP.CrossRider
~ Processes Running: Scanned in 00mn 16s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Sav.MEDIATEC\AppData\Roaming\Mozilla\Firefox\Profiles\5pcrh7me.default\prefs.js
M2 - MFEP: prefs.js [Sav - 5pcrh7me.default\fftoolbar2014@etech.com] [] FF Toolbar v1.0.0.1025 (..)
M2 - MFEP: prefs.js [Sav - 5pcrh7me.default\searchengine@gmail.com] [] Search Enginer v1.0.0.1027 (..)
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKCU] [@tnt2npapi.com/Plugin] - (.Eshield - npAPI Plugin.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\npTNT2.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.us.com =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com =>PUP.IsStart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com =>PUP.IsStart
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{9F355E91-E5CA-4965-8D39-3E91ADDBF22E} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (.not file.)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [kbdsprt] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.BlackBerry Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2253795806-4168766957-983457841-1154\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2253795806-4168766957-983457841-1154\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (.not file.)
O4 - HKUS\S-1-5-21-2253795806-4168766957-983457841-1154\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kbrd.ico
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: NameServer = 192.168.10.200,213.136.96.2,213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: DhcpNameServer = 213.136.96.8 213.136.96.7 192.168.10.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: NameServer = 192.168.10.200,213.136.96.2,213.136.96.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: DhcpNameServer = 213.136.96.8 213.136.96.7 192.168.10.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: NameServer = 192.168.10.200,213.136.96.2,213.136.96.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{676D139E-33A1-4FD0-80DD-D389D9C81D4D}: DhcpNameServer = 213.136.96.8 213.136.96.7 192.168.10.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mediatec.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.136.96.8 213.136.96.7 192.168.10.150
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.832BC388E2A5210A3B4812852F57CBD8] [APT] [One System Care Monitor] (...) -- C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [483648]
[MD5.717F331CDE69E5A32A8B9A0659374F62] [APT] [One System Care Run Delay] (...) -- C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2239808]
[MD5.9765C6373A259BFE07BF281FE70EA66C] [APT] [Opera scheduled Autoupdate 1419608655] (.Opera Software.) -- C:\Program Files (x86)\Opera\launcher.exe [888440]
[MD5.00000000000000000000000000000000] [APT] [PM] (...) -- C:\Users\Sav\AppData\Roaming\PM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{01DD788B-A371-49BE-BF0F-4C499D676518}] (...) -- C:\Users\Sav\AppData\Roaming\istartsurf\UninstallManager.exe (.not file.) [0] =>PUP.IsStart
[MD5.00000000000000000000000000000000] [APT] [{05AE2B4C-D01A-4413-B412-BAC2D0393E1F}] (...) -- D:\Doh\LOGI\38 Dictionnaires et Recueils de Correspondanc+Manuel\setup\Sudoku\setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\One System CarePeriod.job [272]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\One System CarePeriod [272]
O39 - APT: - (..) -- C:\Windows\Tasks\One System CareStartUp.job [272]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\One System CareStartUp [272]
O39 - APT: PM - (...) -- C:\Windows\Tasks\PM.job [1340]
O39 - APT: PM - (...) -- C:\Windows\System32\Tasks\PM [1340]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 06s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: ({88dab020-0802-4f33-9294-5fccbb774bac}Gw64) . (. - .) - C:\Windows\System32\drivers\{88dab020-0802-4f33-9294-5fccbb774bac}Gw64.sys (.not file.)
O41 - Driver: ({996d1aa5-d397-4272-8bde-0cf232732324}Gw64) . (. - .) - C:\Windows\System32\drivers\{996d1aa5-d397-4272-8bde-0cf232732324}Gw64.sys (.not file.)
~ Drivers: 93 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Fonds d'Ecran Venise 1024 - (...) [HKLM][64Bits] -- Fonds d'Ecran Venise 1024
O42 - Logiciel: One System Care - (.OneSystemCare.) [HKLM][64Bits] -- OneSystemCare
O42 - Logiciel: SensePlus - (.Sense+.) [HKLM][64Bits] -- SensePlus
O42 - Logiciel: Update Service YourFileDownloader - (.http://yfdownloader.com.com.) [HKCU][64Bits] -- Update Service YourFileDownloader =>PUP.YourFileDownloader
O42 - Logiciel: iWebar - (.Webby.) [HKLM][64Bits] -- iWebar =>PUP.CrossRider
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Goobzo] =>PUP.Goobzo
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\One System Care]
[HKCU\Software\SMADΔV]
[HKCU\Software\SensePlus-nv-ie]
[HKCU\Software\SensePlus-nv]
[HKCU\Software\Spyrix]
[HKCU\Software\bi]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider
[HKCU\Software\iWebar-nv] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\0fd8793b-3d98-4f28-b2ee-c566166d9396] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\7956704a-19ba-4ff4-b000-ebafc2bdb19e] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\EnumKreg]
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\LuckyTab]
[HKLM\Software\Wow6432Node\SensePlus-nv-ie]
[HKLM\Software\Wow6432Node\SensePlus-nv]
[HKLM\Software\Wow6432Node\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\Spyrix]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\YourFileDownloader] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\iWebar-nv-ie] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\iWebar-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
~ Key Software: 217 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/03/2015 - 13:34:07 - [] ----D C:\Program Files (x86)\0d5b3249-43f3-45d5-bc13-58e24e4c4f0e
O43 - CFD: 14/03/2015 - 13:34:20 - [] ----D C:\Program Files (x86)\82b7c1be-7774-4f0f-b69e-007b5605d6de
O43 - CFD: 14/04/2015 - 14:45:56 - [] ----D C:\Program Files (x86)\DLLEscort
O43 - CFD: 27/05/2015 - 10:54:49 - [] ----D C:\Program Files (x86)\fond-ecran-wallpaper
O43 - CFD: 15/04/2015 - 08:19:47 - [] ----D C:\Program Files (x86)\iWebar =>PUP.CrossRider
O43 - CFD: 01/06/2015 - 09:34:19 - [] ----D C:\Program Files (x86)\OneSystemCare
O43 - CFD: 02/05/2015 - 10:22:31 - [] ----D C:\Program Files (x86)\SensePlus
O43 - CFD: 10/03/2015 - 13:22:54 - [] --H-D C:\Program Files (x86)\Spyrix Free Keylogger
O43 - CFD: 02/06/2015 - 11:52:21 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 10/03/2015 - 11:13:08 - [] ----D C:\Program Files (x86)\YourFileDownloaderUpdater =>PUP.YourFileDownloader
O43 - CFD: 19/11/2014 - 14:09:35 - [] ----D C:\ProgramData\26610000-7ac9-4b8c-2e63-d2ea29cbdb3
O43 - CFD: 19/11/2014 - 14:25:32 - [] ----D C:\ProgramData\55240000-eb75-4e64-65b-ed3d3d081999
O43 - CFD: 26/12/2014 - 08:10:03 - [] ----D C:\ProgramData\SettingsGuard
O43 - CFD: 27/05/2015 - 10:54:54 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fond-ecran-wallpaper.com
O43 - CFD: 01/06/2015 - 09:33:49 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
O43 - CFD: 14/07/2009 - 07:45:37 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 26/12/2014 - 15:34:16 - [] ----D C:\Users\Sav.MEDIATEC\AppData\Roaming\IHlpr
O43 - CFD: 02/06/2015 - 13:22:55 - [] ----D C:\Users\Sav.MEDIATEC\AppData\Roaming\One System Care
O43 - CFD: 13/11/2014 - 17:09:26 - [] ----D C:\Users\Sav.MEDIATEC\AppData\Roaming\RHEng
O43 - CFD: 10/03/2015 - 11:21:48 - [] ----D C:\Users\Sav.MEDIATEC\AppData\Local\CodecPerformer =>PUP.CodecPerformer
~ Program Folder: 174 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - 02/06/2015 - 11:50:08 ---A- . (...) -- C:\Windows\tweaking.com-regbackup-SAV-Windows-7-Professional-(64-bit).dat [207]
O44 - LFC:[MD5.5971A9CB85EB19DEFF56F9544F2F4D86] - 27/05/2015 - 10:54:55 ---A- . (...) -- C:\Windows\few-repertoire-1024.ini [90]
~ Files: 13 Legitimates Filtered in 00mn 42s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/12/2009 - 12:44:24 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [85048]
O58 - SDL:14/12/2009 - 12:44:24 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104]
O58 - SDL:14/07/2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/05/2014 - 09:21:02 ---A- . (.BlackBerry Limited - BlackBerry Device Driver.) -- C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872]
O58 - SDL:14/07/2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 60 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/06/2015 - 13:35:18 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\chromeinst.1.dll [97792]
O61 - LFC: 01/06/2015 - 13:35:21 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\GameConsole.exe [108304]
O61 - LFC: 01/06/2015 - 13:35:22 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\GameEngine.dll [182272]
O61 - LFC: 01/06/2015 - 13:35:23 ---A- . (.Search.Us.com.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\hmac.1.dll [93184] =>PUP.StartSearch
O61 - LFC: 01/06/2015 - 13:35:24 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\IEToolbar.dll [144592]
O61 - LFC: 01/06/2015 - 13:35:24 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\IEToolbar64.dll [200400]
O61 - LFC: 01/06/2015 - 13:35:24 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\iestage2.1.dll [224768]
O61 - LFC: 01/06/2015 - 13:35:24 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\log.dll [118784]
O61 - LFC: 01/06/2015 - 13:35:24 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\npTNT2.dll [104448]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\tnt2chrome.dll [203264]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\tnt2chrome64.dll [208384]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\passport.dll [11472]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\passport64.dll [11984]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\regsvr.1.dll [101888]
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (.Search.Us.com.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\sqlite.1.dll [549376] =>PUP.StartSearch
O61 - LFC: 01/06/2015 - 13:35:25 ---A- . (.TODO: .) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\progress.1.dll [83456]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\TNT2UserPS.dll [85712]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\TNT2UserPS64.dll [97488]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\TntMagicDel.dll [3584]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\UnInjLib.dll [126464]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\UnInjLib64.dll [135680]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\Common\GameConsole.exe [108304]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe [659664]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\UninstallDlg.1.dll [97280]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\untar.1.dll [90624]
O61 - LFC: 01/06/2015 - 13:35:26 ---A- . (.Eshield.) -- C:\Users\Sav.MEDIATEC\AppData\Local\TNT2\2.0.0.1983\zipunzip.1.dll [106496]
O61 - LFC: 01/06/2015 - 13:35:51 ---A- . (.Web Internet.) -- C:\Users\Sav.MEDIATEC\Downloads\flashplayer17_ha_install.exe [678080]
O61 - LFC: 27/05/2015 - 13:35:59 ---A- . (...) -- C:\Users\Sav.MEDIATEC\Downloads\setup_venise_1024.exe [1850991]
O61 - LFC: 27/05/2015 - 13:36:00 ---A- . (.SmadSoft.) -- C:\Users\Sav.MEDIATEC\Downloads\smadav10.exe [1229445]
O61 - LFC: 30/05/2015 - 13:33:40 ---A- . (...) -- C:\Users\Sav.MEDIATEC\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
~ 1195 Fichiers temporaires (Temporary files)
~ 147 Fichiers cookies (Cookies files)
~ Files: 46 Legitimates Filtered in 02mn 25s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/04/1745 - C:\Program Files (x86)\ShopperPro\JSDriver\Unknown\jsdrv.sys (SPDRIVER_Unknown) .(...) - LEGACY_SPDRIVER_UNKNOWN =>PUP.ShopperPro
O64 - Services: CurCS - 11/04/1745 - C:\Windows\System32\drivers\{88dab020-0802-4f33-9294-5fccbb774bac}Gw64.sys ({88dab020-0802-4f33-9294-5fccbb774bac}Gw64) .(...) - LEGACY_{88DAB020-0802-4F33-9294-5FCCBB774BAC}GW64
O64 - Services: CurCS - 11/04/1745 - C:\Windows\System32\drivers\{996d1aa5-d397-4272-8bde-0cf232732324}Gw64.sys ({996d1aa5-d397-4272-8bde-0cf232732324}Gw64) .(...) - LEGACY_{996D1AA5-D397-4272-8BDE-0CF232732324}GW64
~ Legacy: 79 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6D9BAD1D-EB57-4BD8-964A-B2B7EEE33252} - (Yahoo) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Sav.MEDIATEC\Downloads\Navigon_Mobile_Navigator_7_2_keygen_by_TSRh.zip =>.Crack,Keygen
C:\Users\Sav.MEDIATEC\Downloads\Navigon_Mobile_Navigator_7_2_keygen_by_TSRh.zip =>.Crack,Keygen
~ Files: Scanned in 00mn 30s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B82E84BF0C13DB0C84C9502AE7F65CAA] [SPRF][06/03/2015] (...) -- C:\ProgramData\bdinstall.bin [725476]
[MD5.2440DEEDD58AE9760FFEACA0F4240DA3] [SPRF][17/03/2015] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.DD89B12A21223EE65709C540BEEB4D36] [SPRF][26/02/2015] (...) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\AdobeWLCMCache.dat [34]
[MD5.8B42F98112D07050FCFA166635D214FC] [SPRF][14/03/2015] (.Sense+ - SensePlus exe.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\PM.exe [1311744]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "{324B65A7-577D-4052-A7ED-329B8379CA71}" | In - Public - P6 - TRUE | .(.http://yourfile-downloader.com - YourFileDownloader Installer.) -- C:\Users\Sav.MEDIATEC\Downloads\Download_Java_Development_Kit_Jdk_1.6_downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{AA04E604-95A5-430F-B62B-FB86891F956A}" | In - Public - P17 - TRUE | .(.http://yourfile-downloader.com - YourFileDownloader Installer.) -- C:\Users\Sav.MEDIATEC\Downloads\Download_Java_Development_Kit_Jdk_1.6_downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{1C24627F-3B25-4C93-BDC9-EDF578839282}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{64F6671C-817C-40EA-B0F8-14DCAAEBEDBF}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s



---\\ Tracing registry key search (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\appshat_generic_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\appshat_generic_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividMediaBar_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividMediaBar_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r437-n-bf(1)_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup-r437-n-bf(1)_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShopperPro_RASAPI32 =>PUP.ShopperPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShopperPro_RASMANCS =>PUP.ShopperPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smt_istartsurf_RASAPI32 =>PUP.IsStart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smt_istartsurf_RASMANCS =>PUP.IsStart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smt_mystartsearch_RASAPI32 =>PUP.StartSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\smt_mystartsearch_RASMANCS =>PUP.StartSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloaderUpdater_RASAPI32 =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloaderUpdater_RASMANCS =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloader_RASAPI32 =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloader_RASMANCS =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YTAHelper_RASAPI32 =>PUP.Goobzo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YTAHelper_RASMANCS =>PUP.Goobzo
~ BTK: 304 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 06/02/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 31/10/2014 588024 | (BlackBerry Device Manager) . (.BlackBerry Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Auto 26/12/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/12/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/05/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 20/04/2014 233552 | (AVP15.0.0) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
SR - | Auto 14/07/2009 27136 | C:\Users\Sav.MEDIATEC\AppData\Local\Temp\7zS5DD5\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/03/2011 341312 | (NitroDriverReadSpool) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2013 202824 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s
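The firewall exceptions (O87), the Tracing keys (O100) and the service list (EGS) above are the three places in this report that tie a detection tag to a concrete binary, and two of them point at binaries in user-writable locations: inbound allow rules for an installer in Downloads and for uTorrent in AppData, and an Auto-start service (HPSLPSVC) whose DLL svchost loads from a user's Temp directory. As an added example (not ZHPDiag code, and not from the report's author), the Python below parses lines in those three formats, flags enabled inbound rules and services whose binary or svchost-hosted DLL sits under a user profile or ProgramData, collapses each RASAPI32/RASMANCS Tracing pair into one "this program has run" record, and then correlates the three artifact kinds by detection tag. The sample lines are copied from the report above; the USER_WRITABLE path markers and the three regexes are my own reading of this report's layout, not a ZHPDiag specification.

```python
"""Triage of ZHPDiag report lines: O87 firewall exceptions, O100 Tracing keys
and EGS service entries. Added example, not ZHPDiag code. SAMPLE holds lines
copied from the report above; the regexes describe the layout as observed
here, not a published ZHPDiag format specification."""
import re
from collections import defaultdict
from typing import List, NamedTuple, Optional

# Coarse markers for paths a standard user can write to (assumption: a real
# check would read the directory ACL, e.g. with icacls). Anything the firewall
# allows inbound, or that a service loads, from such a path deserves review.
USER_WRITABLE = ("\\users\\", "\\programdata\\")

FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<guid>\{[0-9A-Fa-f-]+\})" \| '
    r'(?P<dir>In|Out) - (?P<profile>\w+) - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| '
    r'\.\(\.(?P<desc>.*?)\.\) -- (?P<path>.+?)(?: =>(?P<tag>\S+))?$')
SERVICE_RE = re.compile(
    r'^(?P<state>SR|SS) - \| (?P<start>\w+) (?P<date>\S+) (?P<size>\d+) \| '
    r'(?:(?P<dll>[A-Za-z]:\\.*?) )?\((?P<name>[^)]+)\) \. \((?P<vendor>.*?)\) - '
    r'(?P<image>.+?)(?: =>.*)?$')
TRACING_RE = re.compile(
    r'\\Tracing\\(?P<prog>.+?)_(?:RASAPI32|RASMANCS)(?: =>(?P<tag>\S+))?$')


class Finding(NamedTuple):
    kind: str            # "firewall", "service" or "tracing"
    tag: Optional[str]   # ZHPDiag detection tag, e.g. PUP.YourFileDownloader
    subject: str         # rule GUID, service name or program name
    reason: str


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage_firewall(lines: List[str]) -> List[Finding]:
    """Enabled inbound allow rules whose program lives in a user-writable path.
    The rule outlives the file: anything later written to that path inherits it."""
    out = []
    for line in lines:
        m = FAEL_RE.match(line)
        if m and m["enabled"] == "TRUE" and m["dir"] == "In" and in_user_writable(m["path"]):
            proto = {"6": "TCP", "17": "UDP"}.get(m["proto"], "P" + m["proto"])
            out.append(Finding("firewall", m["tag"], m["guid"],
                               f"inbound {proto} allowed for {m['path']}"))
    return out


def triage_services(lines: List[str]) -> List[Finding]:
    """Services whose binary, or whose svchost-hosted DLL, is in a user-writable
    path: an Auto-start service loading a DLL from a user's Temp directory runs
    as LocalSystem from a location that user controls."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        binary = m["dll"] or m["image"]
        if in_user_writable(binary):
            hosted = " (DLL hosted by svchost)" if m["dll"] else ""
            out.append(Finding("service", None, m["name"],
                               f"{m['start']}-start service from {binary}{hosted}"))
    return out


def triage_tracing(lines: List[str]) -> List[Finding]:
    """Collapse each RASAPI32/RASMANCS pair to one program name. Windows writes
    these keys when a process uses the RAS API and they survive uninstallation,
    so they show that the program ran, not that it is still present."""
    seen = {}
    for line in lines:
        m = TRACING_RE.search(line)
        if m:
            seen.setdefault(m["prog"], m["tag"])
    return [Finding("tracing", tag, prog, "RAS tracing key: program has executed")
            for prog, tag in seen.items()]


def triage(report_text: str) -> List[Finding]:
    lines = report_text.splitlines()
    return triage_firewall(lines) + triage_services(lines) + triage_tracing(lines)


def correlate(findings: List[Finding]) -> dict:
    """Map each detection tag to the artifact kinds that corroborate it."""
    by_tag = defaultdict(set)
    for f in findings:
        if f.tag:
            by_tag[f.tag].add(f.kind)
    return {tag: sorted(kinds) for tag, kinds in by_tag.items()}


# Constructed subset of lines copied from the report above.
SAMPLE = r"""
O87 - FAEL: "{324B65A7-577D-4052-A7ED-329B8379CA71}" | In - Public - P6 - TRUE | .(.http://yourfile-downloader.com - YourFileDownloader Installer.) -- C:\Users\Sav.MEDIATEC\Downloads\Download_Java_Development_Kit_Jdk_1.6_downloader.exe =>PUP.YourFileDownloader
O87 - FAEL: "{1C24627F-3B25-4C93-BDC9-EDF578839282}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Sav.MEDIATEC\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloader_RASAPI32 =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YourFileDownloader_RASMANCS =>PUP.YourFileDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
SS - | Demand 06/02/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 14/07/2009 27136 | C:\Users\Sav.MEDIATEC\AppData\Local\Temp\7zS5DD5\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
"""

if __name__ == "__main__":
    found = triage(SAMPLE)
    for f in found:
        print(f"[{f.kind}] {f.subject}: {f.reason} ({f.tag or 'untagged'})")
    print(correlate(found))
```

Run against the sample, it flags both inbound rules, the HPSLPSVC service (whose DLL path under Temp\7zS5DD5 looks like an installer's temporary extraction directory, so the service is both fragile and user-controllable) and nothing for the services under Program Files or System32; the correlation shows PUP.YourFileDownloader corroborated by both a firewall rule and a Tracing key, which is why the O100 entries are worth reading even though they are not executables. The user-writable test is deliberately coarse: a directory ACL check on the live host is the authoritative version.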



---\\ Master Boot Record infection search (MBR)(O80)
Run by Sav at 02/06/2015 13:37:45
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sav at 02/06/2015 13:37:47
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13026 - (27/12/2014)
Keys found : 14
Values found : 1
Folders found : 4
Files found : 18

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Update Service YourFileDownloader] =>PUP.YourFileDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iWebar] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] =>Adware.Bandoo
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Spyrix] =>Keylogger.Spyrix
[HKLM\Software\Wow6432Node\Spyrix] =>Keylogger.Spyrix
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1] =>Rogue.PCPerformer
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\BI] =>Adware.MegaSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files (x86)\iWebar =>PUP.CrossRider^
C:\Program Files (x86)\YourFileDownloaderUpdater =>PUP.YourFileDownloader^
C:\Users\Sav.MEDIATEC\AppData\Local\CodecPerformer =>PUP.CodecPerformer^
C:\Program Files (x86)\Spyrix Free Keylogger =>Keylogger.Spyrix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe =>PUP.YourFileDownloader^
C:\Program Files (x86)\iWebar\2effc95a-84ba-48de-91c4-42ff5c73c5f8-6.exe =>PUP.CrossRider^
C:\Program Files (x86)\iWebar\2effc95a-84ba-48de-91c4-42ff5c73c5f8-1-6.exe =>PUP.CrossRider^
[HKCU\Software\Goobzo] =>PUP.Goobzo^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKCU\Software\iWebar-nv-ie] =>PUP.CrossRider^
[HKCU\Software\iWebar-nv] =>PUP.CrossRider^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\0fd8793b-3d98-4f28-b2ee-c566166d9396] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\7956704a-19ba-4ff4-b000-ebafc2bdb19e] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Goobzo] =>PUP.Goobzo^
[HKLM\Software\Wow6432Node\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\YourFileDownloader] =>PUP.YourFileDownloader^
[HKLM\Software\Wow6432Node\iWebar-nv-ie] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\iWebar-nv] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
~ Additional Scan: 218194 Items scanned in 00mn 24s



---\\ Additional information on modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-yourfiledownloader =>PUP.YourFileDownloader
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-startsearch =>PUP.StartSearch
http://nicolascoolman.fr/pup-isstart =>PUP.IsStart
http://www.nicolascoolman.fr/blog/ =>PUP.Goobzo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.CodecPerformer
http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager
http://nicolascoolman.fr/28289157-keylogger-spyrix =>Keylogger.Spyrix
http://www.nicolascoolman.fr/blog/ =>Rogue.PCPerformer
http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
~ MSI: 16 link(s) detected in 00mn 00s



~ 812 Legitimates filtered by white list
End of the scan (611 lines in 06mn 28s)(2)