~ Rapport de ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Lancé par utilisateur (14/07/2014 17:18:12)
~ Adresse du Site Web http://nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Basic, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : Q89JW
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2021
Microsoft Security Client v4.4.0304.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Adobe Reader 9.5.5 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3000 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 90 GB (67%) free of 134 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-UTILISATE
~ User Name: utilisateur
~ All Users Names: utilisateur, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\utilisateur\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\utilisateur\Desktop\
~ %Favorites% : C:\Users\utilisateur\Favorites\
~ %LocalAppData% : C:\Users\utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 90 Go of 134 Go)
D: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - (.Microsoft Corporation - Explorateur Windows.) (.01/11/2013 - 18:18:52.) -- C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] - (.Microsoft Corporation - Application de démarrage de Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/10/2013 - 17:14:29.) -- C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.02/11/2006 - 10:45:57.) -- C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.02/11/2006 - 09:58:43.) -- C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.01/11/2013 - 18:19:28.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] - (.Microsoft Corporation - CD-ROM File System Driver.) (.02/11/2006 - 09:30:50.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/11/2006 - 09:51:44.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] - (.Microsoft Corporation - DFS Client MUP Surrogate Driver.) (.02/11/2006 - 09:31:04.) -- C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.01/11/2013 - 17:57:33.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] - (.Microsoft Corporation - Pilote de port i8042.) (.01/11/2013 - 18:14:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] - (.Microsoft Corporation - IP Network Address Translator.) (.02/11/2006 - 09:58:09.) -- C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.01/11/2013 - 18:39:32.) -- C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] - (.Microsoft Corporation - MBT Transport driver.) (.02/11/2006 - 09:57:20.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.01/11/2013 - 18:31:47.) -- C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.88587DD843E2059848995B407B67F6CF] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.02/11/2006 - 09:58:13.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [75776]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] - (.Microsoft Corporation - SMB Transport driver.) (.02/11/2006 - 09:57:10.) -- C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] - (.Microsoft Corporation - TDI Translation Driver.) (.02/11/2006 - 09:57:35.) -- C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/11/2013 - 18:19:27.) -- C:\Windows\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/67
~ Mes musiques (My Musics) : 1/720
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/761
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.952]
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] - (.Microsoft Corporation - Isolation graphique de périphérique audio W.) -- C:\Windows\system32\AUDIODG.exe [88064] [PID.1240]
[MD5.A1DCD30534835CB67733AD00175125A6] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2605568] [PID.1276]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1664]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.1388]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.1332]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2164]
[MD5.CAACAF063584D3BFDF94E3DE46239B28] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe [177384] [PID.2172]
[MD5.F7A23A45237DD0AB23B557A79B0D86D4] - (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe [226536] [PID.2236]
[MD5.68B7A5320065FCC7F4DF5A0DC3281EA5] - (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344] [PID.2480]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2500]
[MD5.DA5260341390D311F194DE631E22BCAA] - (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe [2801664] [PID.2648]
[MD5.F08D9F81ED9A632A3E52BBDD0B8AECE3] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600] [PID.3348]
[MD5.BBFCAC1C23B867AE5D7EF96DF40680C5] - (.Realtek - RtlService MFC Application.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe [40960] [PID.3568]
[MD5.788BC2196086CC830442EC2D6D847666] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [247088] [PID.3588]
[MD5.AD4EC2140D66F0259EE018D2B759217A] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [464224] [PID.3716]
[MD5.66F39EB030F69731FD2731D83D6A3DBD] - (.Realtek Semiconductor Corp. - RtWLan ( For Vista / Win7) Application(Exte.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe [1118208] [PID.3752]
[MD5.949A54971EF61E9D84B7C559B405A585] - (...) -- C:\Program Files\003\xmkysecqun32.exe [541696] [PID.644] =>PUP.AdPeak
[MD5.7EFAAD0EDFA32D9FE0CCAD24008FCAD9] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [189792] [PID.1684]
[MD5.823AC3317249424B514EC81D1A8F8908] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268832] [PID.3948]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.4008]
[MD5.34E388A395FEDBA1D0511ED39BBF4074] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [27136] [PID.2740]
[MD5.FDA72FF6093B5488B93967281EB52FE6] - (.Microsoft Corporation - Sauvegarde Microsoft® Windows.) -- C:\Windows\system32\sdclt.exe [1192960] [PID.2848]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2144]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4012]
[MD5.4D12C773CE660A002EBFE82602924C4B] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe [1869488] [PID.2332]
[MD5.8072CEDAEF0C606D364E24F6F75B1099] - (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\WerCon.exe [1137152] [PID.1060]
[MD5.2080DCEBE27D92F29AAB5FCFF77613A2] - (.AVAST Software - avast! Antivirus Installer.) -- C:\Program Files\AVAST Software\Avast\setup\instup.exe [198200] [PID.0]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071680] [PID.4180]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [68608] [PID.4380]
~ Processes Running: Scanned in 00mn 03s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://fr.yhs4.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} Clé orpheline
~ BHO: 6 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [TVEService] . (.CyberLink Corp. - CyberLink TV Application Resident Program.) -- C:\Program Files\CyberLink\TV Enhance\TVEService.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CloneCDTray] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [Akamai NetSession Interface] C:\Users\utilisateur\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\Run: [ONconnectService] . (.Pas de propriétaire - OnConnect SysTray.) -- C:\Program Files\ONconnect\resources\service\win\ONconnect_service.exe
O4 - HKUS\S-1-5-21-2855533531-2828305479-1794849026-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11D0CA07-7CFC-4406-9E79-F5B69463FD98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FC30EA5-018B-45F8-A6E6-23E20384CE05}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{32CC9F32-AED2-4AE6-A6ED-E2072F2AE78B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) . (.Pas de propriétaire - CLCapSvc Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) . (.Pas de propriétaire - CLSched Module.) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: Update Jump Flip (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Util Jump Flip (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
O23 - Service: Wpm Service (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe (.not file.) =>PUP.WpManager
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
~ Services: 12 Legitimates Filtered in 00mn 06s

---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files\Settings Manager\systemk\sysapcrt.dll =>PUP.SystemK
~ Keys: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\utilisateur\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [temp_Plus-HD-2.6-enabler] (...) -- C:\Users\utilisateur\AppData\Local\Temp\nsq14A.tmp\Plus-HD-2.6-enabler.exe (.not file.) [0] =>Adware.PlusHD
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\Tasks\AmiUpdXp.job [380] =>PUP.Software.Updater
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000Core [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2855533531-2828305479-1794849026-1000UA [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
O39 - APT: SaveSense - (...) -- C:\Windows\Tasks\SaveSense.job [310] =>Hijacker.iHaveNet
O39 - APT: SaveSense - (...) -- C:\Windows\System32\Tasks\SaveSense [310] =>PUP.SaveSense
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (tStLib) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\tStLib.sys =>PUP.LinkiDoo
~ Drivers: 81 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM] -- Ares
O42 - Logiciel: Jump Flip - (.Jump Flip.) [HKLM] -- Jump Flip =>PUP.JumpFlip
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM] -- MediaWatchV1home4715 =>PUP.MediaWatch
O42 - Logiciel: ONconnect - (.Geonaute.) [HKLM] -- ONconnect_is1
~ Logic: 19 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Ares]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Jump Flip] =>PUP.JumpFlip
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKCU\Software\ONconnectService]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKCU\Software\SystemK] =>PUP.SystemK
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch
[HKLM\Software\ED8C9CDF-28C5-4A5A-9A1D-8200C60706FF]
[HKLM\Software\IePlugin]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\MediaWatchV1] =>PUP.MediaWatch
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\SystemK] =>PUP.SystemK
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 194 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/04/2014 - 20:00:55 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 15/12/2013 - 22:04:30 - [] ----D C:\Program Files\Ares
O43 - CFD: 03/11/2013 - 20:11:03 - [0] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 02/03/2014 - 19:54:38 - [] ----D C:\Program Files\Jump Flip =>PUP.JumpFlip
O43 - CFD: 23/03/2014 - 22:09:09 - [] ----D C:\Program Files\MediaWatchV1 =>PUP.MediaWatch
O43 - CFD: 09/02/2014 - 22:25:15 - [] ----D C:\Program Files\ONconnect
O43 - CFD: 23/12/2013 - 20:05:29 - [] ----D C:\Program Files\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 13/04/2014 - 16:58:40 - [] ----D C:\Program Files\Settings Manager =>PUP.SystemK
O43 - CFD: 01/06/2014 - 19:03:44 - [0] ----D C:\Program Files\SiteLookup
O43 - CFD: 13/04/2014 - 21:11:26 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 15/12/2013 - 22:04:31 - [] ----D C:\ProgramData\APN
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 08/06/2014 - 11:13:01 - [] ----D C:\ProgramData\systemk =>PUP.SystemK
O43 - CFD: 13/04/2014 - 20:01:33 - [0] ----D C:\ProgramData\ZombieAlert
O43 - CFD: 02/03/2014 - 22:40:16 - [] ----D C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 09/02/2014 - 22:25:50 - [] ----D C:\Users\utilisateur\AppData\Roaming\Oxylane
O43 - CFD: 15/12/2013 - 22:05:38 - [] ----D C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 01/06/2014 - 19:03:33 - [0] ----D C:\Users\utilisateur\AppData\Roaming\SimilarSites
O43 - CFD: 19/01/2014 - 18:37:35 - [] ----D C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit
O43 - CFD: 13/04/2014 - 20:01:58 - [] ----D C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 13/04/2014 - 21:11:37 - [] ----D C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 01/11/2013 - 21:34:07 - [] ----D C:\Users\utilisateur\AppData\Local\Ares
O43 - CFD: 02/03/2014 - 22:40:17 - [0] ----D C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 02/02/2014 - 11:07:24 - [] ----D C:\Users\utilisateur\AppData\Local\Oxylane
O43 - CFD: 15/12/2013 - 22:05:42 - [] ----D C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 27/04/2014 - 20:37:17 - [] ----D C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater
~ Program Folder: 138 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 20 Legitimates Filtered in 00mn 07s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe =>PUP.TubeDimmer
~ IFEO: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:06/07/2014 - 18:04:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:26/09/2012 - 15:55:34 ---A- . (.Thesycon GmbH, Germany - USBIO Driver.) -- C:\Windows\System32\Drivers\dsiarhwprog.sys [35256]
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiLib WDM Support Driver.) -- C:\Windows\System32\Drivers\SiLib.sys [17408]
O58 - SDL:09/08/2013 - 16:00:44 ---A- . (.Silicon Laboratories - SiUSBXp.sys.) -- C:\Windows\System32\Drivers\SiUSBXp.sys [14592]
O58 - SDL:09/03/2014 - 19:31:29 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\tStLib.sys [55232] =>PUP.LinkiDoo
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 04s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/03/2014 - C:\Windows\System32\drivers\tStLib.sys (tStLib) .(.StdLib - StdLib.) - LEGACY_TSTLIB =>PUP.LinkiDoo
~ Legacy: 87 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
O69 - SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} [DefaultScope] - (Yahoo! (Avast)) - http://fr.yhs4.search.yahoo.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.79BBAAC753ABDA50DF19030265F7D1A6] [WIS][09/04/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\69edfc.msi [2473984] =>Adware.Boxore
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][13/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\6b39a9.msi [3162112] =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 01s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 01/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 13/04/2014 350496 | (Update Jump Flip) . (...) - C:\Program Files\Jump Flip\updateJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 06/07/2014 318752 | (Util Jump Flip) . (...) - C:\Program Files\Jump Flip\bin\utilJumpFlip.exe =>PUP.JumpFlip
SS - | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (Wpm) . (...) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
SR - | Auto 06/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | System 18/05/2014 31120 | (F06DEFF2-5B9C-490D-910F-35D3A91196222) . (.Aztec Media Inc.) - C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg =>PUP.SystemK
SR - | Auto 04/10/2013 1867600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 07/12/2009 40960 | (Realtek87B) . (.Realtek.) - C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
SR - | Auto 29/09/2009 247088 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 29/09/2009 464224 | (TVECapSvc) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
SR - | Auto 29/09/2009 189792 | (TVESched) . (...) - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
SR - | Auto 02/11/2006 22016 | C:\Windows\System32\wuaueng.dll (wuauserv) .
(.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 13/04/2014 541696 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak ~ Services: Scanned in 00mn 07s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by utilisateur at 14/07/2014 17:20:24 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13026 - (25/06/2014) Clés trouvées (Keys found) : 77 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 22 Fichiers trouvés (Files found) : 24 [HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^ [HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip] =>PUP.JumpFlip^ [HKLM\SYSTEM\CurrentControlSet\Services\Util Jump Flip] =>PUP.JumpFlip^ [HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^ [HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip] =>PUP.JumpFlip^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home4715] =>PUP.MediaWatch^ [HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade 
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] 
=>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] 
=>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP] =>Adware.IMBooster [HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater [HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\iminent] =>Adware.IMBooster [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^ C:\Users\utilisateur\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^ C:\Program Files\003 =>PUP.AdPeak^ C:\Program Files\IminentToolbar =>Adware.IMBooster^ C:\Program Files\Jump Flip =>PUP.JumpFlip^ C:\Program Files\MediaWatchV1 =>PUP.MediaWatch^ C:\Program Files\SaveSenseLive =>PUP.SaveSense^ C:\Program Files\Settings Manager =>PUP.SystemK^ C:\Program Files\SupTab =>PUP.SupTab^ C:\ProgramData\SaveSenseLive =>PUP.SaveSense^ C:\ProgramData\systemk =>PUP.SystemK^ C:\Users\utilisateur\AppData\Roaming\newnext.me =>PUP.NextLive^ C:\Users\utilisateur\AppData\Roaming\SaveSense =>PUP.SaveSense^ C:\Users\utilisateur\AppData\Roaming\Softonic =>Toolbar.Conduit^ C:\Users\utilisateur\AppData\Roaming\SupTab =>PUP.SupTab^ C:\Users\utilisateur\AppData\Roaming\webssearches =>Hijacker.WebsSearches^ C:\Users\utilisateur\AppData\Local\genienext =>PUP.NextLive^ C:\Users\utilisateur\AppData\Local\SaveSenseLive =>PUP.SaveSense^ C:\Users\utilisateur\AppData\Local\SwvUpdater =>PUP.Software.Updater^ C:\Program Files\Software =>Adware.Boxore C:\Program Files\Optimizer Pro =>PUP.OptimizerPro C:\Users\utilisateur\AppData\Roaming\SimilarSites =>Adware.SimilarSites C:\Users\utilisateur\AppData\Local\Software =>Adware.Boxore C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak^ C:\Windows\Tasks\AmiUpdXp.job =>PUP.Software.Updater^ C:\Windows\Tasks\SaveSense.job =>Hijacker.iHaveNet^ C:\Windows\System32\Tasks\SaveSense =>PUP.SaveSense^ [HKCU\Software\Jump Flip] =>PUP.JumpFlip^ [HKCU\Software\Linkey] =>PUP.LinkeySearch^ [HKCU\Software\SaveSenseLive] =>PUP.SaveSense^ [HKCU\Software\SupraSavings] =>PUP.SupraSavings^ [HKCU\Software\SystemK] =>PUP.SystemK^ [HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch^ [HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^ [HKLM\Software\MediaWatchV1] =>PUP.MediaWatch^ [HKLM\Software\SaveSenseLive] =>PUP.SaveSense^ [HKLM\Software\SiteFinder] =>Adware.ShoppingReport^ [HKLM\Software\SystemK] =>PUP.SystemK^ [HKLM\Software\Wpm] =>PUP.WpManager^ 
[HKLM\Software\supTab] =>PUP.SupTab^ [HKLM\Software\supWPM] =>PUP.WpManager^ [HKLM\Software\suprasavings] =>PUP.SupraSavings^ C:\Windows\Installer\69edfc.msi =>Adware.Boxore^ C:\Windows\Installer\6b39a9.msi =>PUP.SupraSavings^ C:\Users\utilisateur\AppData\Local\Temp\IminentSetup-1-.exe =>Adware.IMBooster C:\Users\utilisateur\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore ~ Additionnel Scan: 146285 Items scanned in 00mn 30s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50) ~ AMI: 5 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/pup-adpeak =>PUP.AdPeak http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches http://nicolascoolman.fr/pup-mobogenie =>PUP.Mobogenie http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip http://nicolascoolman.fr/pup-wpmanager =>PUP.WpManager http://nicolascoolman.fr/pup-systemk =>PUP.SystemK http://nicolascoolman.fr/pup-savesense =>PUP.SaveSense http://nicolascoolman.fr/adware-plushd =>Adware.PlusHD http://nicolascoolman.fr/pup-software-updater =>PUP.Software.Updater http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore 
http://nicolascoolman.fr/pup-linkeysearch =>PUP.LinkeySearch http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.fr/pup-suprasavings =>PUP.SupraSavings http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport http://nicolascoolman.fr/pup-suptab =>PUP.SupTab http://nicolascoolman.fr/pup-nextlive =>PUP.NextLive http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard http://nicolascoolman.fr/trojan-staser =>Trojan.Staser http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar http://nicolascoolman.fr/trojan-vonteera =>Trojan.Vonteera http://nicolascoolman.fr/pup-tubedimmer =>PUP.TubeDimmer http://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsers http://nicolascoolman.fr/adware-boxore =>Adware.Boxore http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade http://nicolascoolman.fr/pup-v9software =>PUP.V9Software http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask http://nicolascoolman.fr/pup-tarma =>PUP.Tarma http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites ~ MSI: 41 link(s) detected in 00mn 00s ~ 680 Legitimates filtered by white list End of the scan (714 lines in 02mn 42s)(0)