~ Rapport de ZHPDiag v2015.6.16.57 - Nicolas Coolman (16/06/2015)
~ Lancé par User (20/06/2015 22:49:45)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://www.forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17843
GCIE: Google Chrome v43.0.2357.124 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : GCFF6
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)

---\\ Logiciels de protection du système
Microsoft Security Client v4.8.0204.0
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 18 NPAPI
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1011 MB (19% free)
System Restore: Activé (Enable)
System drive C: has 166 GB (76%) free of 216 GB

---\\ Mode de connexion au système
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 166 Go of 216 Go)
D: Hard drive, Flash drive, Thumb drive (Free 4 Go of 4 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4EB138060BAE0DBAB1A3B71A3141FE7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/05/2015 - 03:20:35.) -- C:\Windows\System32\wininet.dll [1950720]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/07/2014 - 02:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 07:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.7FE680A3DFA421C4A8E4879AE4C5AAB0] - (.Microsoft Corporation - TDI Translation Driver.) (.11/11/2014 - 02:32:14.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/89
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 2/5
~ Mon Bureau (My Desktop) : 2/674
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.0203706E97B7286EDDBC62B1D16025C3] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files\Launch Manager\LMworker.exe [334416] [PID.2008]
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.664]
[MD5.ADC10BE320A29259270B4A93A24A78D3] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576] [PID.380]
[MD5.1C5259D56FE964E28C3000A453E25D83] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.592]
[MD5.0EEBD74D965705707C1D92A9D7C72C6A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.740]
[MD5.29852B33E2A3278882A3C294F2B8C0BC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.928]
[MD5.2ADC102A6D92BFB1F092A1A165E24181] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [1081424] [PID.1092]
[MD5.83CAA2F77A04E4F5E7AA47BE2B1E3639] - (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368] [PID.1504]
[MD5.B5F7F6F700F45ACD5035A459064673BA] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.136]
[MD5.70332A3AC635A60025AE0A16ECCCE402] - (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe [408128] [PID.1732]
[MD5.4D04DC533FA72943994E74C720C42577] - (.Insyde Software Corp. - Acer Updater for Android™.) -- C:\Program Files\Acer\Updater\iUpdate.exe [492096] [PID.484]
[MD5.EFC3319E5BC0FD6A992840E8EBD98BA3] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945] [PID.2068]
[MD5.A39FD8374E6F83E2C592476700F0A755] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe [704104] [PID.2400]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.3152]
[MD5.1D0A274CDDE76D7B799E3AE962840523] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.3544]
[MD5.4547360EB0D90804B3AD080CE1D1D814] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [813896] [PID.4412]
[MD5.E7B58CE9BD61BF575E2880088F4E5447] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8218112] [PID.4656]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com =>PUP.RockTurner
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com =>PUP.AArtemis
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com =>PUP.AArtemis
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com =>PUP.AArtemis
~ Global Startup: 3 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [iSyncData] . (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] . (.Pas de propriétaire - Acer Configuration Manager for Android™ lau.) -- C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [iPatchData] . (.Insyde Software Corp. - Acer Updater for Android™.) -- C:\Program Files\Acer\Updater\iUpdate.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [fst_fr_35] Clé orpheline =>Adware.FreeSoftToday
O4 - HKLM\..\Run: [Search Protection] . (.Visicom Media Inc. - Search Protection.) -- C:\ProgramData\Search Protection\SearchProtection.exe =>PUP.SearchProtect
O4 - HKLM\..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Agent de l'application Wallet] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Agent de l'application Wallet] C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-3915353608-2722147474-3049327453-1000\..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe (.not file.)
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A83AE36-D7E2-45E1-B1C3-EE5F7BA66C69}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A83AE36-D7E2-45E1-B1C3-EE5F7BA66C69}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A83AE36-D7E2-45E1-B1C3-EE5F7BA66C69}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Update App Bud (Update App Bud) . (...) - C:\Program Files\App Bud\updateAppBud.exe (.not file.) =>PUP.CrossRider
O23 - Service: Update FindRight (Update FindRight) . (...) - C:\Program Files\FindRight\updateFindRight.exe (.not file.) =>Hijacker.FindrToolbar
~ Services: 9 Legitimates Filtered in 00mn 12s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d09a079a07d8 [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09a071cd195c [1058]
O39 - APT: - (..) -- C:\Windows\Tasks\Rocket Updater.job [288] =>PUP.RockTurner
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Rocket Updater [288] =>PUP.RockTurner
~ Scheduled Task: 9 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\31255InstEnd]
[HKCU\Software\31257InstEnd]
[HKCU\Software\5fed8d9e63cef12] =>PUP.Babylon
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\BackgroundChanger]
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\ICSW]
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\MyWebSearch] =>Adware.MyWebSearch
[HKCU\Software\Reg]
[HKCU\Software\Rocket Browser] =>PUP.RockTurner
[HKCU\Software\RocketUpdater] =>PUP.RockTurner
[HKCU\Software\Searchya] =>Adware.SearchYa
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\5fed8d9e63cef12] =>PUP.Babylon
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\DomaIQ] =>Adware.DomaIQ
[HKLM\Software\Email Notifier]
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\FocusInteractive]
[HKLM\Software\Fun Web Products] =>Adware.MyWebSearch
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\MyWebSearch] =>Adware.MyWebSearch
[HKLM\Software\Reg]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Updater By Sweetpacks] =>PUP.SweetIM
~ Key Software: 230 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/08/2012 - 07:55:49 - [] ----D C:\Program Files\Accessory Store
O43 - CFD: 28/02/2014 - 15:36:51 - [0] ----D C:\Program Files\FindRight =>Hijacker.FindrToolbar
O43 - CFD: 19/03/2014 - 22:49:35 - [0] ----D C:\Program Files\Mega Browse =>PUP.MegaBrowse
O43 - CFD: 06/06/2014 - 08:26:34 - [] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 02/09/2012 - 19:17:05 - [] ----D C:\Program Files\MyWebSearch =>Adware.MyWebSearch
O43 - CFD: 01/07/2014 - 21:10:14 - [0] ----D C:\Program Files\NetCrawl =>PUP.NetCrawl
O43 - CFD: 05/06/2014 - 21:37:49 - [] ----D C:\Program Files\Speedial =>Adware.SearchYa
O43 - CFD: 10/11/2013 - 18:30:50 - [] ----D C:\Program Files\Uninstaller
O43 - CFD: 05/06/2014 - 20:38:38 - [] ----D C:\Program Files\ZSoft
O43 - CFD: 30/08/2012 - 00:41:32 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 06/01/2014 - 20:09:03 - [] ----D C:\ProgramData\BoxUpdChk =>Adware.Boxore
O43 - CFD: 13/05/2013 - 18:49:04 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 30/08/2012 - 00:41:31 - [] ----D C:\Users\User\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 26/12/2013 - 20:52:47 - [] ----D C:\Users\User\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 03/05/2014 - 18:29:48 - [] ----D C:\Users\User\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 01/07/2014 - 18:45:40 - [] ----D C:\Users\User\AppData\Roaming\RocketUpdater =>PUP.RockTurner
O43 - CFD: 24/02/2013 - 14:33:21 - [] ----D C:\Users\User\AppData\Roaming\Searchya =>Adware.SearchYa
O43 - CFD: 05/06/2014 - 21:38:45 - [] ----D C:\Users\User\AppData\Roaming\Speedial =>Adware.SearchYa
O43 - CFD: 30/08/2012 - 00:42:37 - [] ----D C:\Users\User\AppData\Local\Ares Mod
O43 - CFD: 14/11/2014 - 13:17:29 - [0] -SH-D C:\Users\User\AppData\Local\EmieBrowserModeList
O43 - CFD: 03/05/2014 - 20:02:19 - [0] ----D C:\Users\User\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 13/02/2013 - 19:11:04 - [0] ----D C:\Users\User\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 11/03/2013 - 21:48:34 - [0] ----D C:\Users\User\AppData\Local\Supreme Savings =>PUP.RewardsArcade
O43 - CFD: 11/03/2013 - 21:44:35 - [] ----D C:\Users\User\AppData\Local\Updater19962 =>PUP.CrossRider
~ 219 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 421 Legitimates Filtered in 00mn 15s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{f5fe654a-236e-11e2-b45c-e89a8f722148}\AutoRun\command. (...) -- E:\NokiaPCIA_Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:22/01/2014 - 07:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:22/01/2014 - 07:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [184192]
O58 - SDL:04/06/2013 - 08:15:00 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [181912]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 67 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/06/2015 - 22:52:05 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
~ 3842 Fichiers temporaires (Temporary files)
~ 62 Fichiers cookies (Cookies files)
~ Files: 2 Legitimates Filtered in 08mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {2DD47D27-5293-497C-88EC-DA5FAD71464B} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - (WSE Rocket) - http://rocket-find.com =>PUP.RockTurner
O69 - SBI: SearchScopes [HKCU] {33729A43-5800-4165-B014-8C66D24C900A} [DefaultScope] - (Astromenda) - http://astromenda.com =>PUP.Astromenda
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (WSE Rocket) - http://rocket-find.com =>PUP.RockTurner
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {56256A51-B582-467e-B8D4-7786EDA79AE0} [DefaultScope] - (My Web Search) - http://search.mywebsearch.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {56256A51-B582-467e-B8D4-7786EDA79AE0} [DefaultScope] - (My Web Search) - http://search.mywebsearch.com =>Adware.MyWebSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C197EA347EF2F6466BEF53FE01311E9E] [SPRF][03/05/2014] (...) -- C:\ProgramData\1399133588.bdinstall.bin [2581589]
[MD5.7F998BE16D8F853592CAFE044857BBC5] [SPRF][03/06/2014] (...) -- C:\ProgramData\1401802046.bdinstall.bin [656585]
[MD5.A868B782C95423FD81D1F25DF88C0BD5] [SPRF][03/06/2014] (...) -- C:\ProgramData\1401802603.bdinstall.bin [50041]
[MD5.CA55FBBA06556C050A9548CB16AF8334] [SPRF][02/07/2014] (...) -- C:\ProgramData\1404333175.bdinstall.bin [32533]
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:version="2.3.796.11" =>PUP.Babylon
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:version="2.6.1123.78" =>PUP.Babylon
[HKCU\Software\5fed8d9e63cef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5fed8d9e63cef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\5fed8d9e63cef12] =>PUP.Babylon^
[HKCU\Software\5fed8d9e63cef12]:version="2.6.1095.52" =>PUP.Babylon
[HKLM\Software\5fed8d9e63cef12]:version="2.6.1095.52" =>PUP.Babylon
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\emule_RASAPI32 =>P2P.eMule
HKLM\SOFTWARE\Microsoft\Tracing\emule_RASMANCS =>P2P.eMule
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_0102-0d89a395_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_kreapixel_14650_RASAPI32 =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_kreapixel_14650_RASMANCS =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_1302-7f59da1c_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_1302-7f59da1c_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_windows-live-messenger_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_windows-live-messenger_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASAPI32 =>PUP.RewardsArcade
HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASMANCS =>PUP.RewardsArcade
HKLM\SOFTWARE\Microsoft\Tracing\updateClingClang_RASAPI32 =>PUP.ClingClang
HKLM\SOFTWARE\Microsoft\Tracing\updateClingClang_RASMANCS =>PUP.ClingClang
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32 =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateSunriseBrowse_RASAPI32 =>PUP.SunriseBrowse
HKLM\SOFTWARE\Microsoft\Tracing\updateSunriseBrowse_RASMANCS =>PUP.SunriseBrowse
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32 =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS =>PUP.MegaBrowse
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-04D0_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\yontoo-C4-04D0_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo
~ BTK: 288 Legitimates Filtered in 00mn 02s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/06/2015 268976 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 22/07/1658 0 | (Update App Bud) . (...) - C:\Program Files\App Bud\updateAppBud.exe =>PUP.CrossRider
SS - | Auto 22/07/1658 0 | (Update FindRight) . (...) - C:\Program Files\FindRight\updateFindRight.exe =>Hijacker.FindrToolbar
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/12/2014 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/03/2011 352336 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files\Launch Manager\dsiwmis.exe
SR - | Auto 22/02/2011 739944 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files\Acer\Registration\GREGsvc.exe
SR - | Auto 06/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 30/04/2015 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 30/01/2010 260640 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer VCM\RS_Service.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 54s



---\\ Master Boot Record (MBR) infection search (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 13008 - (16/06/2015)
Keys found : 71
Values found : 4
Folders found : 24
Files found : 29

[HKLM\SYSTEM\CurrentControlSet\Services\Update App Bud] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\Update FindRight] =>Hijacker.FindrToolbar^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}] =>Adware.AdRotator
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}] =>Adware.AdRotator
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481}] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}] =>PUP.Dealio
[HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127}] =>Adware.MyWebSearch
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>PUP.Wajam
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da}] =>Adware.MyWebSearch
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Boxore] =>Adware.Boxore
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\focusinteractive] =>Adware.MyWebSearch
[HKCU\Software\AppDataLow\Software\Fun Web Products] =>Adware.MyWebSearch
[HKLM\Software\Fun Web Products] =>Adware.MyWebSearch
[HKCU\Software\FunWebProducts] =>Adware.MyWebSearch
[HKCU\Software\AppDataLow\Software\FunWebProducts] =>Adware.MyWebSearch
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.searchyaESrvc] =>Adware.SearchYa
[HKLM\Software\Classes\esrv.searchyaESrvc.1] =>Adware.SearchYa
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_35 =>Adware.FreeSoftToday^
C:\Program Files\FindRight =>Hijacker.FindrToolbar^
C:\Program Files\Mega Browse =>PUP.MegaBrowse^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\MyWebSearch =>Adware.MyWebSearch^
C:\Program Files\NetCrawl =>PUP.NetCrawl^
C:\Program Files\Speedial =>Adware.SearchYa^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\BoxUpdChk =>Adware.Boxore^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\User\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\User\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\User\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\User\AppData\Roaming\RocketUpdater =>PUP.RockTurner^
C:\Users\User\AppData\Roaming\Searchya =>Adware.SearchYa^
C:\Users\User\AppData\Roaming\Speedial =>Adware.SearchYa^
C:\Users\User\AppData\Local\genienext =>PUP.NextLive^
C:\Users\User\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\User\AppData\Local\Supreme Savings =>PUP.RewardsArcade^
C:\Users\User\AppData\Local\Updater19962 =>PUP.CrossRider^
C:\Program Files\FunWebProducts =>Adware.MyWebSearch
C:\Program Files\Software =>Adware.Boxore
C:\Users\User\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\User\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\User\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Windows\Tasks\Rocket Updater.job =>PUP.RockTurner^
C:\Windows\System32\Tasks\Rocket Updater =>PUP.RockTurner^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\MyWebSearch] =>Adware.MyWebSearch^
[HKCU\Software\Rocket Browser] =>PUP.RockTurner^
[HKCU\Software\RocketUpdater] =>PUP.RockTurner^
[HKCU\Software\Searchya] =>Adware.SearchYa^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\DomaIQ] =>Adware.DomaIQ^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\MyWebSearch] =>Adware.MyWebSearch^
[HKLM\Software\Updater By Sweetpacks] =>PUP.SweetIM^
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.796.11]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon^
[HKCU\Software\5fed8d9e63cef12\history\{16cdff19-861d-48e3-a751-d99a27784753}2.6.1123.78]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" =>PUP.Babylon^
[HKCU\Software\5fed8d9e63cef12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5fed8d9e63cef12] =>PUP.Babylon^^
C:\Users\User\AppData\Local\Temp\nsb8370.exe =>Toolbar.Conduit
C:\Users\User\AppData\Local\Temp\nsg9E3D.exe =>Toolbar.Conduit
C:\Users\User\AppData\Local\Temp\nsj1F9B.exe =>Toolbar.Conduit
C:\Users\User\AppData\Local\Temp\nsl85FB.exe =>Toolbar.Conduit
C:\Users\User\AppData\Local\Temp\nsw95B9.exe =>Toolbar.Conduit
~ Additional Scan: 221177 Items scanned in 03mn 17s



---\\ Additional information on modules
~ http://www.nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://www.nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://www.nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications launched at system startup (O4)
~ http://www.nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.MountPoints2 Shell registry key (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your workstation
http://www.nicolascoolman.fr/pup-rockturner =>PUP.RockTurner
http://www.nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://www.nicolascoolman.fr/pup-aartemis =>PUP.AArtemis
http://www.nicolascoolman.fr/adware-freesofttoday =>Adware.FreeSoftToday
http://www.nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://www.nicolascoolman.fr/hijacker-findrtoolbar =>Hijacker.FindrToolbar
http://www.nicolascoolman.fr/pup-babylon =>PUP.Babylon
http://www.nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://www.nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://www.nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/adware-searchya =>Adware.SearchYa
http://www.nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
http://www.nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusive
http://www.nicolascoolman.fr/pup-vittalia =>PUP.Vittalia
http://www.nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://www.nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
http://www.nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://www.nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://www.nicolascoolman.fr/pup-megabrowse =>PUP.MegaBrowse
http://www.nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/pup-netcrawl =>PUP.NetCrawl
http://www.nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://www.nicolascoolman.fr/pup-nextlive =>PUP.NextLive
http://www.nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade
http://www.nicolascoolman.fr/pup-astromenda =>PUP.Astromenda
http://www.nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://www.nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz
http://www.nicolascoolman.fr/pup-clingclang =>PUP.ClingClang
http://www.nicolascoolman.fr/pup-sunrisebrowse =>PUP.SunriseBrowse
http://www.nicolascoolman.fr/pup-webget =>PUP.WebGet
http://www.nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://www.nicolascoolman.fr/adware-yontoo =>Adware.Yontoo
http://www.nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://www.nicolascoolman.fr/adware-adrotator =>Adware.AdRotator
http://www.nicolascoolman.fr/pup-dealio =>PUP.Dealio
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://www.nicolascoolman.fr/blog/ =>Adware.CDNHelper
http://www.nicolascoolman.fr/pup-clarosearch =>PUP.ClaroSearch
http://www.nicolascoolman.fr/blog/ =>PUP.SpeedUpMyPC
http://www.nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>Spyware.AgenceExclusive
http://www.nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://www.nicolascoolman.fr/pup-elex =>PUP.Elex
http://www.nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox
~ MSI: 46 link(s) detected in 00mn 00s



~ 1112 Legitimates filtered by white list
End of the scan (734 lines in 16mn 16s)(0.11)
