~ Rapport de ZHPDiag v2014.12.27.179 - Nicolas Coolman (27/12/2014)
~ Lancé par Rhéda (11/06/2015 11:13:56)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17842
GCIE: Google Chrome v43.0.2357.124 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : T6MCD
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Norton AntiVirus v21.7.0.11
McAfee Security Scan Plus v3.0.285.6
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 PPAPI
Adobe Reader XI

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 55 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3984 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 595 GB (87%) free of 681 GB

---\\ Mode de connexion au système
~ Computer Name: SELECTOW
~ User Name: Rhéda
~ All Users Names: user, Rhéda, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rhéda\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rhéda\AppData\Roaming\
~ %Desktop% : C:\Users\Rhéda\Desktop\
~ %Favorites% : C:\Users\Rhéda\Favorites\
~ %LocalAppData% : C:\Users\Rhéda\AppData\Local\
~ %StartMenu% : C:\Users\Rhéda\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 595 Go of 681 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.27/01/2015 - 23:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 01:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.417F80E4AFBA1AA9EBBD618F1C6D9165] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/05/2015 - 17:50:20.) -- C:\Windows\System32\wininet.dll [2426880]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 01:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 09:54:52.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 03:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 12:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 11:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 08:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 09:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 11:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.D887446F3F6051C60C26F4FD1FC8D43F] - (.Microsoft Corporation - Pilote de port i8042.) (.07/10/2014 - 03:29:50.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 09:54:55.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.08/10/2014 - 07:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 11:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 08:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 11:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 11:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 09:37:57.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 13:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 02:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1853
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 2/14
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 1/73
~ Mon Bureau (My Desktop) : 2/753
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.464CB8BB12682AE462CC89B718CDE58A] - (.Symantec Corporation - Norton AntiVirus.) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928] [PID.2836]
[MD5.4AA10AEFC7E7FB30BAA8706BC5798E1D] - (.Symantec Corporation - Norton Identity Safe.) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144] [PID.2852]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.6016]
[MD5.85778366674083C3070834AE7A917214] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.6024]
[MD5.34084D25BE6F48D072AA54DE630438FD] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.4504]
[MD5.E47AC731D42B2452D4C0BF096DF3DD6E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8145408] [PID.4796]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Rhéda\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com =>Hijacker.MyhomeViview
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com =>Hijacker.MyhomeViview
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://myhome.vi-view.com =>Hijacker.MyhomeViview
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://myhome.vi-view.com =>Hijacker.MyhomeViview
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.SupTab
~ BHO: 12 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Identity Safe Toolbar - [HKLM]{A13C2648-91D4-4bf3-BC6D-0079707C4389} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{A13C2648-91D4-4BF3-BC6D-0079707C4389} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Rhéda]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Rhéda]: Continue GamesDesktop Uninstaller.lnk . (...) -- C:\Users\Rhéda\AppData\Local\Temp\is-I5QS9.tmp\SOLUN.exe (.not file.) =>Adware.PUP.GamesDesktop
O4 - GS\Desktop [Rhéda]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 16s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SimplePass] . (.Hewlett-Packard - HP SimplePass Application.) -- C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
O4 - HKLM\..\Run: [OPBHOBroker] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Rhéda\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [gmsd_gb_425] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [gmsd_gb_438] Clé orpheline
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [cacaoweb] . (...) -- C:\Users\Rhéda\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKUS\S-1-5-21-1101188376-3935122507-210231845-1002\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 05s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Skype for Business Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1993ED6B-7C5C-4A28-946D-9DFA66381EE8}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB7C062-C794-49FE-8BE1-C4908282C1FC}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: DhcpNameServer = 10.105.42.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB7C062-C794-49FE-8BE1-C4908282C1FC}: DhcpDomain = hpdeploy.lab
O17 - HKLM\System\CCS\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: DhcpDomain = popcorn
O17 - HKLM\System\CS1\Services\Tcpip\..\{1993ED6B-7C5C-4A28-946D-9DFA66381EE8}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BB7C062-C794-49FE-8BE1-C4908282C1FC}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: NameServer = 81.218.119.5,82.163.142.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: DhcpNameServer = 10.105.42.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BB7C062-C794-49FE-8BE1-C4908282C1FC}: DhcpDomain = hpdeploy.lab
O17 - HKLM\System\CS1\Services\Tcpip\..\{801034C2-F75E-4634-8F64-9A03DD1360B1}: DhcpDomain = popcorn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.105.42.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: abengine (abengine) . (.Abengine - Pas de description.) - C:\Program Files (x86)\HighlightSearches\abengine.exe
O23 - Service: CoupoonService64 (CoupoonService64) . (...) - C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: lxqvbcbiws32 (lxqvbcbiws32) . (...) - C:\Program Files\015\lxqvbcbiws32.exe
O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) . (...) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: McAfee Platform Services (mcpltsvc) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (.not file.)
O23 - Service: McAfee Anti-Malware Core (mfecore) . (...) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (.not file.)
O23 - Service: mtzx (mtzx) . (...) - c:\windows\mtzx.exe
O23 - Service: tzx (tzx) . (...) - c:\windows\tzx.exe
O23 - Service: Update Hatchiho (Update Hatchiho) . (...) - C:\Program Files (x86)\Hatchiho\updateHatchiho.exe (.not file.)
O23 - Service: UpdateCheck (UpdateCheck) . (...) - C:\Program Files (x86)\Coupoon\UpdateCheck.exe
O23 - Service: Util Hatchiho (Util Hatchiho) . (...) - C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe (.not file.)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
O23 - Service: Technical Specifications NOT (wovelivy) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\nsbB112.tmpfs
O23 - Service: Device Cut (xoperoze) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\jnsd274.tmp
O23 - Service: Subscription Clear (zedepory) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\hnsz1FB2.tmp
~ Services: 26 Legitimates Filtered in 00mn 14s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [amiupdaterExd] (...) -- C:\Users\Rhéda\AppData\Local\Temp\amiupdater1055.exe (.not file.) [0] =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.EF80351F25593E9D7A6B4B415C1DE431] [APT] [DFOZSNJILP] (...) -- C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe [277504]
[MD5.2DB4E2907D04FEE2633BCD6AE9CDD0BE] [APT] [iren3006] (...) -- C:\Program Files (x86)\HighlightSearches\iren3006.exe [59986]
[MD5.00000000000000000000000000000000] [APT] [QNBKJTVHX1] (...) -- C:\ProgramData\FlashBeat\FlashBeat.exe (.not file.) [0]
[MD5.24A85EA8DDC39FC4DF76571A5D7F6926] [APT] [RocketTab] (...) -- C:\Program Files (x86)\Search Extensions\Client.exe [1449472] =>PUP.RocketTab
[MD5.109BB6B289F0203E5AFBE063839A9E49] [APT] [RocketTab Update Task] (...) -- C:\Program Files (x86)\Search Extensions\uninstall.exe [5158912] =>PUP.RocketTab
[MD5.5A661EB9CD90E25313FABA387CD5B3FF] [APT] [Trirrama] (...) -- C:\ProgramData\Trirrama\1.0.1.0\krujehar.exe [157184]
O39 - APT: - (..) -- C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job [892]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier [892]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [378] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [376] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [376] =>PUP.AnyProtect
O39 - APT: - (..) -- C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] [358]
O39 - APT: - (..) -- C:\Windows\Tasks\gcKZ9JOYImhL8EPpRykAlc8D.job [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1090]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForRhéda [350]
O39 - APT: - (..) -- C:\Windows\Tasks\IfdEB85q2g7w2.job [1016]
O39 - APT: QNBKJTVHX1 - (...) -- C:\Windows\Tasks\QNBKJTVHX1.job [348]
O39 - APT: QNBKJTVHX1 - (...) -- C:\Windows\System32\Tasks\QNBKJTVHX1 [348]
~ Scheduled Task: 48 Legitimates Filtered in 00mn 34s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (innfd_1_10_0_14) . (. - .) - C:\Windows\System32\drivers\innfd_1_10_0_14.sys (.not file.)
O41 - Driver: (MpKsl271cca7e) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5AE1AA8C-7B2F-4572-A3F4-21994040C371}\MpKsl271cca7e.sys (.not file.)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: (scfd_1_10_0_16) . (. - .) - C:\Windows\System32\drivers\scfd_1_10_0_16.sys (.not file.)
O41 - Driver: ({641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({94aa20ef-1a4b-4b0e-bbf0-38e4abfd28a0}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{94aa20ef-1a4b-4b0e-bbf0-38e4abfd28a0}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: RocketTab - (.RocketTab.) [HKLM][64Bits] -- RocketTab =>PUP.RocketTab
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\Cinema_Plus-1.2V10.06-nv-ie]
[HKCU\Software\Gameo] =>PUP.Gameo
[HKCU\Software\GoldenGate]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\RocketTabInstalled] =>PUP.RocketTab
[HKCU\Software\Search Extensions] =>PUP.RocketTab
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\rttasks]
[HKLM\Software\ArenaHD]
[HKLM\Software\Flashbeat]
[HKLM\Software\HighDefAction]
[HKLM\Software\Wow6432Node\12dd3dd9-2549-5dae-4b1f-7ed4363699f6] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\ArenaHD]
[HKLM\Software\Wow6432Node\Flashbeat]
[HKLM\Software\Wow6432Node\Hatchiho]
[HKLM\Software\Wow6432Node\HighDefAction]
[HKLM\Software\Wow6432Node\Infonaut_1.10.0.14]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\SuperClick_1.10.0.16]
[HKLM\Software\Wow6432Node\TabNav]
[HKLM\Software\Wow6432Node\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\YorkNewCin]
[HKLM\Software\Wow6432Node\coupoon]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\YorkNewCin]
[HKLM\Software\coupoon]
~ Key Software: 307 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/06/2015 - 18:12:54 - [] ----D C:\Program Files (x86)\ControlThis Parental Control
O43 - CFD: 11/06/2015 - 11:06:42 - [] ----D C:\Program Files (x86)\coupoon
O43 - CFD: 11/06/2015 - 11:04:13 - [] ----D C:\Program Files (x86)\Hatchiho
O43 - CFD: 10/06/2015 - 23:13:04 - [] ----D C:\Program Files (x86)\HighlightSearches
O43 - CFD: 10/06/2015 - 17:01:18 - [] ----D C:\Program Files (x86)\Search Extensions =>PUP.RocketTab
O43 - CFD: 11/06/2015 - 10:55:10 - [] ----D C:\Program Files (x86)\Super Optimizer =>PUP.SuperOptimizer
O43 - CFD: 20/01/2015 - 19:50:57 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 11/06/2015 - 09:45:56 - [] ----D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
O43 - CFD: 10/06/2015 - 17:59:22 - [] ----D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
O43 - CFD: 19/05/2015 - 15:04:01 - [] ----D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 11/06/2015 - 09:03:10 - [] ----D C:\ProgramData\f0ee011600004dd3
O43 - CFD: 11/06/2015 - 10:55:01 - [] ----D C:\ProgramData\f75bf4fa00007a7c
O43 - CFD: 11/06/2015 - 11:04:12 - [] ----D C:\ProgramData\FlashBeat
O43 - CFD: 02/04/2015 - 00:17:54 - [0] ----D C:\ProgramData\NCOTEMP
O43 - CFD: 10/06/2015 - 17:05:12 - [] ----D C:\ProgramData\Trirrama
O43 - CFD: 11/06/2015 - 10:55:10 - [] --H-D C:\ProgramData\tzx
O43 - CFD: 28/05/2015 - 16:28:53 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 10/06/2015 - 23:06:58 - [] ----D C:\ProgramData\{78093132-311e-fc35-7809-93132311c4c8}
O43 - CFD: 07/05/2014 - 03:03:48 - [] ----D C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
O43 - CFD: 11/06/2015 - 10:49:14 - [] ----D C:\ProgramData\{f82457f8-2401-7686-f824-457f82405fe0}
O43 - CFD: 19/05/2015 - 15:32:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 08/07/2014 - 13:24:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 08/07/2014 - 13:24:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 08/07/2014 - 13:24:40 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 18/03/2014 - 10:38:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 10/06/2015 - 16:52:12 - [] ----D C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928
O43 - CFD: 10/06/2015 - 16:55:03 - [] ----D C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951701-E311-B2A0-A02BB840B928
O43 - CFD: 10/06/2015 - 23:08:10 - [] ----D C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433974081-E311-B2A0-A02BB840B928
O43 - CFD: 10/06/2015 - 22:35:19 - [] -SH-D C:\Users\Rhéda\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect
O43 - CFD: 13/05/2015 - 12:56:40 - [] ----D C:\Users\Rhéda\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 20/01/2015 - 20:08:44 - [] ----D C:\Users\Rhéda\AppData\Roaming\Gameo =>PUP.Gameo
O43 - CFD: 20/01/2015 - 19:52:32 - [] --H-D C:\Users\Rhéda\AppData\Roaming\GoldenGate
O43 - CFD: 10/06/2015 - 23:37:52 - [] ----D C:\Users\Rhéda\AppData\Roaming\One System Care
O43 - CFD: 20/01/2015 - 20:06:33 - [] ----D C:\Users\Rhéda\AppData\Roaming\vi-view =>Hijacker.MyhomeViview
O43 - CFD: 20/05/2015 - 08:59:15 - [] ----D C:\Users\Rhéda\AppData\Local\70BE3DD0-4D59-4661-B2B7-A27ECF767A98.aplzod
O43 - CFD: 10/06/2015 - 17:01:29 - [] ----D C:\Users\Rhéda\AppData\Local\AB6E0556-1433955315-E311-B2A0-A02BB840B928
O43 - CFD: 02/01/2015 - 13:40:53 - [] -SH-D C:\Users\Rhéda\AppData\Local\EmieBrowserModeList
O43 - CFD: 20/01/2015 - 22:51:17 - [] ----D C:\Users\Rhéda\AppData\Local\Gameo =>PUP.Gameo
O43 - CFD: 11/06/2015 - 09:51:05 - [] ----D C:\Users\Rhéda\AppData\Local\SmartWeb
~ Program Folder: 207 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3D0F24135CB0195DF157100CB53745C7] - 10/06/2015 - 13:51:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{94aa20ef-1a4b-4b0e-bbf0-38e4abfd28a0}Gw64.sys [48776] =>PUP.LinkiDoo
O44 - LFC:[MD5.9EFBBCB01D55B504F9CB0670D49AC512] - 10/06/2015 - 15:49:54 ---A- . (...) -- C:\Windows\tzx.exe [417792]
O44 - LFC:[MD5.A054BF51A9358CA92D06D9B6509233B8] - 10/06/2015 - 15:49:57 ---A- . (...) -- C:\Windows\mtzx.exe [408576]
O44 - LFC:[MD5.828AE71F67ACDB05C94F76FE37E55099] - 10/06/2015 - 15:50:00 ---A- . (...) -- C:\Windows\tzx.dat [631296]
O44 - LFC:[MD5.1C7D24960F83827296721A8D870E849A] - 10/06/2015 - 22:12:45 ---A- . (.Abengine - Pas de description.) -- C:\Windows\System32\abengine64.dll [409168]
O44 - LFC:[MD5.91633D8F0AA7F1FA94155291D778CF81] - 10/06/2015 - 22:34:22 ---A- . (...) -- C:\Windows\System32\abengineOff.ini [9248]
O44 - LFC:[MD5.E1FC5041B720D2C4BDE008045629A057] - 11/06/2015 - 09:01:46 ---A- . (...) -- C:\Windows\win.ini [226]
O44 - LFC:[MD5.74D9A83219CABAAB06A69FD318873F33] - 11/06/2015 - 10:06:42 ---A- . (...) -- C:\end [5]
~ Files: 36 Legitimates Filtered in 00mn 08s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E14940051B30BA87C4CD9366B0F989BC] - 11/06/2015 - 09:32:47 ---A- - C:\Windows\Prefetch\ANYPROTECT.EXE-53752276.pf =>PUP.AnyProtect
O45 - LFCP:[MD5.B9E7E45FFD1B173797446200B529A2C8] - 10/06/2015 - 15:54:51 ---A- - C:\Windows\Prefetch\CLOUDSCOUT_14_05--B8D7A6C0.EX-82DBE454.pf =>PUP.CloudScout
O45 - LFCP:[MD5.B301CD79704EEF07817242D094645854] - 10/06/2015 - 15:54:51 ---A- - C:\Windows\Prefetch\CLOUDSCOUT_14_05--B8D7A6C0.TM-2A7147AF.pf =>PUP.CloudScout
O45 - LFCP:[MD5.4C97BE208B1A35554A85A250E4DDA07E] - 10/06/2015 - 22:06:22 ---A- - C:\Windows\Prefetch\GAMESDESKTOP3-GBINSTALLER.EXE-4EB9307F.pf =>Adware.PUP.GamesDesktop
O45 - LFCP:[MD5.5B159A451272952F67075EF42CB2C9A4] - 10/06/2015 - 22:06:24 ---A- - C:\Windows\Prefetch\GAMESDESKTOP3-GBINSTALLER.TMP-4D94D295.pf =>Adware.PUP.GamesDesktop
O45 - LFCP:[MD5.1338EC92EA16F9376B79A12816B6C232] - 10/06/2015 - 16:03:03 ---A- - C:\Windows\Prefetch\GLOBALUPDATE.EXE-2303F446.pf =>PUP.GlobalUpdate
O45 - LFCP:[MD5.9FDDBFBE49FBABA6843C34D0235888AE] - 10/06/2015 - 22:04:41 ---A- - C:\Windows\Prefetch\GLOBALUPDATE.EXE-262DDC98.pf =>PUP.GlobalUpdate
O45 - LFCP:[MD5.5874465A0A485E45AA531A6A5CE8B467] - 11/06/2015 - 10:09:05 ---A- - C:\Windows\Prefetch\GLOBALUPDATE.EXE-2956FB3E.pf =>PUP.GlobalUpdate
O45 - LFCP:[MD5.4653DEC05F20AC202185D0A7DEF725BB] - 11/06/2015 - 10:06:57 ---A- - C:\Windows\Prefetch\GLOBALUPDATECRASHHANDLER.EXE-0D97AF76.pf =>PUP.GlobalUpdate
O45 - LFCP:[MD5.7E6FCF7678ED5BD37BF107F77F1ED91A] - 10/06/2015 - 22:06:23 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO-UNINSTALLER.EXE-D569AA73.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.2E46D3B5CB1258FCA5BC084E0FA842E4] - 10/06/2015 - 22:15:01 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-A9AB85D3.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.08D0A502EC29EE4BC3EDCA1C14AC293E] - 10/06/2015 - 22:47:29 ---A- - C:\Windows\Prefetch\PACKAGE_VUUPC_INSTALLER_MULTI-321596AC.pf =>PUP.VuuPC
O45 - LFCP:[MD5.242E20387AF58D839B702E86BA37A5F0] - 10/06/2015 - 22:47:29 ---A- - C:\Windows\Prefetch\PACKAGE_VUUPC_INSTALLER_MULTI-7CCD4BEB.pf =>PUP.VuuPC
O45 - LFCP:[MD5.96EA3A09F9C954635E6DC72B99A55A4D] - 20/01/2015 - 18:46:40 ---A- - C:\Windows\Prefetch\PCSPEEDMAXIMIZER_AQFR_AFD_PPI-751A9E11.pf =>Rogue.PCSpeedMaximizer
O45 - LFCP:[MD5.52952845D85F8BC0EC08D47FFC81245F] - 10/06/2015 - 15:49:44 ---A- - C:\Windows\Prefetch\PEPPERZIPINSTALLER.EXE-FE001B87.pf =>PUP.PepperZip
O45 - LFCP:[MD5.6AF2E00F0383CFF6BACA8EA325BBE654] - 10/06/2015 - 22:45:34 ---A- - C:\Windows\Prefetch\PREDM.EXE-893DD324.pf =>Adware.Downware
O45 - LFCP:[MD5.3A31D9F39838EFFD4E4792FF2039350E] - 10/06/2015 - 22:45:34 ---A- - C:\Windows\Prefetch\PREDM.TMP-213FB4E7.pf =>Adware.Downware
O45 - LFCP:[MD5.9A3E73F50F01A1E2B8C2CDAF14E72B55] - 11/06/2015 - 08:01:17 ---A- - C:\Windows\Prefetch\UNINSTALL_OPTIMIZERPRO.EXE-75D39110.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.5699649042DFEC2BFDAB8ADB95AFC2B4] - 01/06/2015 - 19:21:43 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-7F675E75.pf =>P2P.µTorrent
O45 - LFCP:[MD5.C4E2CD82F5FD72AC30A579191251D281] - 11/06/2015 - 08:12:07 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-D8FBECD5.pf =>P2P.µTorrent
O45 - LFCP:[MD5.C17FAE77DA28C21B53C07BEC6DC97ADB] - 10/06/2015 - 22:06:22 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-45F548A6.pf =>Adware.Downware
O45 - LFCP:[MD5.0CD4CE5A6531DA2D46467D17E79DF3E9] - 11/06/2015 - 08:14:33 ---A- - C:\Windows\Prefetch\VOPACKAGE_1712.EXE-EEDE5F20.pf =>Adware.Downware
O45 - LFCP:[MD5.88E25B2BB2CACE1B55B24CDD66B2FBAF] - 10/06/2015 - 15:54:51 ---A- - C:\Windows\Prefetch\VUUPCINSTALLER.EXE-6061DF53.pf =>PUP.VuuPC
O45 - LFCP:[MD5.5B445690A6458EF3539A140D823569C1] - 10/06/2015 - 22:48:15 ---A- - C:\Windows\Prefetch\VUUPC_SOFT_PARTNER.EXE-17D74DD8.pf =>PUP.VuuPC
O45 - LFCP:[MD5.BBEA434E66F567D7816F06C3F9C35AE0] - 10/06/2015 - 15:59:42 ---A- - C:\Windows\Prefetch\ZOMBIEINVASIONINSTALL.EXE-3F438D38.pf =>PUP.ZombieInvasion
O45 - LFCP:[MD5.7E01CCD66ED7FC13024880924EAADB09] - 10/06/2015 - 17:09:34 ---A- - C:\Windows\Prefetch\ZOMBIEINVASIONUNINSTALL.EXE-245F6B71.pf =>PUP.ZombieInvasion
~ Prefetcher: 26 Legitimates Filtered in 00mn 02s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:12/08/2013 - 23:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:02/04/2015 - 22:22:32 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [46376]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/08/2013 - 12:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:15/08/2014 - 22:35:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:20/01/2015 - 07:41:10 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys [48792] =>PUP.LinkiDoo
O58 - SDL:10/06/2015 - 13:51:20 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{94aa20ef-1a4b-4b0e-bbf0-38e4abfd28a0}Gw64.sys [48776] =>PUP.LinkiDoo
~ Drivers: 73 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/06/2015 - 11:15:54 ---A- . (...) -- C:\Users\Rhéda\AppData\Local\AB6E0556-1433955315-E311-B2A0-A02BB840B928\pnsr123A.exe [114500]
O61 - LFC: 10/06/2015 - 11:15:54 ---A- . (...) -- C:\Users\Rhéda\AppData\Local\AB6E0556-1433955315-E311-B2A0-A02BB840B928\Uninstall.exe [52188]
O61 - LFC: 10/06/2015 - 11:15:54 ---A- . (...) -- C:\Users\Rhéda\AppData\Local\AB6E0556-1433955315-E311-B2A0-A02BB840B928\rnsb1228.exe [162816]
O61 - LFC: 10/06/2015 - 11:20:26 ---A- . (...) -- C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\rnsdF65A.exe [162816]
O61 - LFC: 10/06/2015 - 11:20:27 ---A- . (...) -- C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\Uninstall.exe [66675]
O61 - LFC: 10/06/2015 - 11:20:27 ---A- . (...) -- C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951701-E311-B2A0-A02BB840B928\Uninstall.exe [67614]
O61 - LFC: 10/06/2015 - 11:20:28 ---A- . (...) -- C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433974081-E311-B2A0-A02BB840B928\Uninstall.exe [65092]
O61 - LFC: 11/06/2015 - 11:15:55 ---A- . (...) -- C:\Users\Rhéda\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 11/06/2015 - 11:16:28 ---A- . (.SoftBrain Technologies Ltd..) -- C:\Users\Rhéda\AppData\Local\SmartWeb\__u.exe [172673]
~ 3840 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 71 Legitimates Filtered in 06mn 56s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://myhome.vi-view.com =>Hijacker.MyhomeViview
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - http://myhome.vi-view.com =>Hijacker.MyhomeViview
O69 - SBI: SearchScopes [HKCU] {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} - (Norton Safe Search) - http://myhome.vi-view.com =>Hijacker.MyhomeViview
O69 - SBI: SearchScopes [HKCU] {E6BCDD7B-D8EA-48C7-B590-0EF0E3A61E60} - (Propositions de recherche Amazon.fr) - http://myhome.vi-view.com =>Hijacker.MyhomeViview
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://myhome.vi-view.com =>Hijacker.MyhomeViview
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Rhéda\AppData\Roaming\gcKZ9JOYImhL8EPpRykAlc8D.exe [1579520]
[MD5.3A1D89B89C9D62951957F0839578DD9B] [SPRF][20/04/2015] (...) -- C:\Users\Rhéda\AppData\Roaming\IfdEB85q2g7w2.exe [1579520]
[MD5.0BB8A77B544C70FE6599300D275B9D96] [SPRF][15/05/2015] (...) -- C:\Users\Rhéda\Desktop\cacaoweb.exe [515888] =>PUP.CacaoWeb
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection Rogue (SRI) (O86)
O43 - CFD: 11/06/2015 - 09:45:56 - [] ----D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
[MD5.EF80351F25593E9D7A6B4B415C1DE431] [SRI] (.Pas de propriétaire - 0f3b5471928b4fd3834dad205fba7597.) -- C:\ProgramData\0f3b5471928b4fd3834dad205fba7597\0f3b5471928b4fd3834dad205fba7597.exe [277504]
O43 - CFD: 10/06/2015 - 17:59:22 - [] ----D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
~ Files: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{73F8A67B-998B-4E5A-B250-861E71FD2508}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B291137F-E2E8-4398-8FF6-F17361514DA2}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Rhéda\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 04s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 07/06/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/04/2015 172344 | (CoupoonService64) . (...) - C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe
SS - | Demand 17/02/2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 19/12/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/12/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 01/07/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
SS - | Auto 10/07/1658 0 | (mcbootdelaystartsvc) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SS - | Demand 05/09/2012 234776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
SS - | Auto 10/07/1658 0 | (McMPFSvc) . (...) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SS - | Auto 10/07/1658 0 | (McNaiAnn) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SS - | Demand 10/07/1658 0 | (McODS) . (...) - C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe
SS - | Auto 10/07/1658 0 | (mcpltsvc) . (...) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Update Hatchiho) . (...) - C:\Program Files (x86)\Hatchiho\updateHatchiho.exe
SS - | Auto 10/07/1658 0 | (Util Hatchiho) . (...) - C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
SR - | Auto 22/04/2015 2329600 | (abengine) . (.Abengine.) - C:\Program Files (x86)\HighlightSearches\abengine.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 19/01/2015 77128 | (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 19/05/2015 99128 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 29/10/2014 38792 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 08/10/2013 1039160 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 08/01/2015 158864 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe
SR - | Auto 01/07/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
SR - | Demand 06/04/2015 643880 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 07/04/2015 622392 | (lxqvbcbiws32) . (...) - C:\Program Files\015\lxqvbcbiws32.exe
SR - | Auto 10/07/1658 0 | (mfecore) . (...) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 20/06/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 20/06/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 10/06/2015 408576 | (mtzx) . (...) - c:\windows\mtzx.exe
SR - | Auto 07/03/2015 262928 | (NAV) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe
SR - | Auto 05/03/2015 131144 | (NCO) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
SR - | Auto 29/10/2014 38792 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/03/2014 88064 | (omniserv) . (.Softex Inc..) - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
SR - | Auto 29/10/2014 38792 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/01/2014 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 10/06/2015 417792 | (tzx) . (...) - c:\windows\tzx.exe
SR - | Auto 11/06/2015 53040 | (UpdateCheck) . (...) - C:\Program Files (x86)\Coupoon\UpdateCheck.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/05/2015 315392 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 10/06/2015 744960 | (wovelivy) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\nsbB112.tmpfs
SR - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/06/2015 219136 | (xoperoze) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\jnsd274.tmp
SR - | Auto 10/06/2015 166912 | (zedepory) . (...) - C:\Users\Rhéda\AppData\Roaming\AB6E0556-1433951464-E311-B2A0-A02BB840B928\hnsz1FB2.tmp
~ Services: Scanned in 00mn 26s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Rhéda at 11/06/2015 11:25:26
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Rhéda at 11/06/2015 11:25:28
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (27/12/2014)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 15

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab] =>PUP.RocketTab^
[HKLM\Software\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Wow6432Node\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}] =>PUP.GetNow
[HKLM\Software\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}] =>PUP.GetNow
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] =>Toolbar.Ask
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
C:\Program Files (x86)\Search Extensions =>PUP.RocketTab^
C:\Program Files (x86)\Super Optimizer =>PUP.SuperOptimizer^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Rhéda\AppData\Roaming\AnyProtectEx =>PUP.AnyProtect^
C:\Users\Rhéda\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\Rhéda\AppData\Roaming\Gameo =>PUP.Gameo^
C:\Users\Rhéda\AppData\Roaming\vi-view =>Hijacker.MyhomeViview^
C:\Users\Rhéda\AppData\Local\Gameo =>PUP.Gameo^
C:\Program Files (x86)\Search Extensions\Client.exe =>PUP.RocketTab^
C:\Program Files (x86)\Search Extensions\uninstall.exe =>PUP.RocketTab^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\Gameo] =>PUP.Gameo^
[HKCU\Software\RocketTabInstalled] =>PUP.RocketTab^
[HKCU\Software\Search Extensions] =>PUP.RocketTab^
[HKLM\Software\Wow6432Node\12dd3dd9-2549-5dae-4b1f-7ed4363699f6] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
C:\Users\Rhéda\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
C:\Users\Rhéda\Downloads\cacaoweb.exe =>PUP.CacaoWeb
~ Additionnel Scan: 319745 Items scanned in 03mn 19s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.MyhomeViview
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>Adware.PUP.GamesDesktop
http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://nicolascoolman.fr/pup-dealply =>PUP.Dealply
http://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtect
http://www.nicolascoolman.fr/blog/ =>PUP.RocketTab
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://www.nicolascoolman.fr/blog/ =>PUP.Gameo
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/blog/ =>PUP.SuperOptimizer
http://www.nicolascoolman.fr/blog/ =>PUP.CloudScout
http://nicolascoolman.fr/pup-globalupdate =>PUP.GlobalUpdate
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.fr/pup-vuupc =>PUP.VuuPC
http://nicolascoolman.fr/rogue-pcspeedmaximizer =>Rogue.PCSpeedMaximizer
http://www.nicolascoolman.fr/blog/ =>PUP.PepperZip
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://www.nicolascoolman.fr/blog/ =>PUP.ZombieInvasion
http://nicolascoolman.fr/pup-getnow =>PUP.GetNow
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
~ MSI: 26 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 885 Legitimates filtered by white list
End of the scan (719 lines in 14mn 55s)(0)