~ Rapport de ZHPDiag v2014.9.7.131 - Nicolas Coolman (07/09/2014)
~ Lancé par alex (08/09/2014 20:37:59)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16843
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.154

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro N, 32-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
McAfee Security Scan Plus v3.8.130.8
Windows Defender W8 (Deactivate)

---\\ Logiciels d'optimisation du système
CCleaner v4.07

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (41% free)
System Restore: Désactivé (Disabled)
System drive C: has 224 GB (24%) free of 932 GB

---\\ Mode de connexion au système
~ Computer Name: ALEXIS
~ User Name: alex
~ All Users Names: UpdatusUser, alex, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\alex\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\alex\AppData\Roaming\
~ %Desktop% : C:\Users\alex\Desktop\
~ %Favorites% : C:\Users\alex\Favorites\
~ %LocalAppData% : C:\Users\alex\AppData\Local\
~ %StartMenu% : C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 224 Go of 932 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Free 0 Go of 5 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 43 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.EAFE46B0292D2BD2467835E2ACF717CC] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 11:24:46.) -- C:\Windows\Explorer.exe [2106176]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.9284BA6C27D360D71A5C0ECC8456E78E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2014 - 07:54:46.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:08:28.) -- C:\Windows\System32\Winlogon.exe [411648]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 04:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 06:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 10:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 05:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.C9C8573006D7A8391AFE35D99036B6A0] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 10:41:30.) -- C:\Windows\system32\Drivers\volsnap.sys [281344]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1839
~ Mes musiques (My Musics) : 1/362
~ Mes Videos (My Videos) : 1/73
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/68
~ Mon Bureau (My Desktop) : 1/6733
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 04s

---\\ Processus lancés
[MD5.3E7332DE76AF4704B02036B2B49C662C] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\Windows\system32\taskhostex.exe [53760] [PID.3712]
[MD5.5EA707336336DDFADE5FD3726CEA1523] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.3900]
[MD5.06C8589D129973F0B5EAC12D92A5CBA3] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1818456] [PID.1604]
[MD5.3DFDEF117076F39F6A9C7F32DF3DB216] - (...) -- C:\DriverBoot\DriverBoot.exe [5994496] [PID.4148]
[MD5.3C663AED87C100B1E8BE16C54A7F4CB4] - (.Pas de propriétaire - Hercules WiFi Station N Utility.) -- C:\Program Files\Hercules\WiFi Station N\WiFiN.exe [1222952] [PID.4280]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4376]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4416]
[MD5.6EF4E7FD24AF904F708DD0963FF9E287] - (...) -- C:\DriverBoot\cgminer.exe [1058830] [PID.4568]
[MD5.3FAFBCCE3F066EDCC263E25A786FFD50] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21650016] [PID.5708]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.5048]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\alex\AppData\Local\Akamai\netsession_win.exe [4672920] [PID.5876]
[MD5.36B25A7C5FB4C6CBD022D5D396ECE974] - (...) -- C:\DriverBoot\minerd.exe [694272] [PID.4552]
[MD5.1C28DFD14BB7F0C55F0FD409AF6824C8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8101888] [PID.2088]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][StartupURLs] http://start.mysearchdial.com/?f=1&a=telemsd&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0Dzz0EtA0AtAyE0A0AyC0CtN0D0Tzu0CyCyBzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu2Z1P1I1P1H1B1Q&cr=2024045044&ir= =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [clfnomefgeeepfaiaojjckkdomjfekfp] Fun2Save v.4.5 (Activé) =>PUP.Fun2Save
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé) =>PUP.Manager
G2 - GCE: Preference [User Data\Default] [fnfnbeppfinmnjnjhedifcfllpcfgeea] IE Tab Multi v.143 (Activé)
G2 - GCE: Preference [User Data\Default] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.19 (Désactivé) =>PUP.CacaoWeb
G2 - GCE: Preference [User Data\Default] [ggbdigfechpiilbmlicmfkpfldlgochc] safewebo v.1.1 (Activé) =>PUP.SafeWeb
G2 - GCE: Preference [User Data\Default] [jdmnpmilgognmagaehggniokfighafge] NExttCooup v.1.0 (Activé) =>PUP.NextCoup
G2 - GCE: Preference [User Data\Default] [kfnpfgjdhpopghfmomjmedpgecgjifcc] Color Wave v.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ojcgaoafcmbadjkfdippkdddgkeaipbn] DealPly Beta channel v.4.2.2.9 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [pillnjinfdoenimlolclnhjcgjpgpbcf] WebbIng v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [plmlljoaimbjemccldbdlanphfcbcgnk] ssave. neeT v.5.14 (Activé) =>PUP.SaveNet

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 29 Legitimates Filtered in 00mn 11s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\prefs.js
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\user.js
M3 - MFPP: Plugins - [alex] -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\searchplugins\babylon.xml =>PUP.Babylon
M3 - MFPP: Plugins - [alex] -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\searchplugins\BrowserProtect.xml =>Hijacker.Eazel
M3 - MFPP: Plugins - [alex] -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\searchplugins\delta.xml =>Toolbar.DeltaSearch
M3 - MFPP: Plugins - [alex] -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [alex] -- C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\searchplugins\trovi-search.xml =>Hijacker.Trovigo
M2 - MFEP: prefs.js [alex - g4h97iat.default\addon@dealplyshopping.com] [] DealPly Shopping v2.0 (..) =>PUP.DealPly
M2 - MFEP: prefs.js [alex - g4h97iat.default\c3g7lojfxr@i-xgca.co.uk] [] WebbIng v1.1 (..)
M2 - MFEP: prefs.js [alex - g4h97iat.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.34 (..) =>PUP.CacaoWeb
M2 - MFEP: prefs.js [alex - g4h97iat.default\kqdt1@oyrk-.net] [] ssave. neeT v5.14 (..) =>PUP.SaveNet
M2 - MFEP: prefs.js [alex - g4h97iat.default\nb3.g@yayeefr-.co.uk] [] safewebo v1.1 (..) =>PUP.SafeWeb
M2 - MFEP: prefs.js [alex - g4h97iat.default\pcdr2au@zjlwdlbzi.com] [] Fun2Save v4.5 (..) =>PUP.Fun2Save
M2 - MFEP: prefs.js [alex - g4h97iat.default\plugin@yontoo.com] [] Yontoo v1.20.02 (..) =>Adware.Yontoo
M2 - MFEP: prefs.js [alex - g4h97iat.default\tgsl8vq@baia-.com] [] NExttCooup v1.0 (..) =>PUP.NextCoup
M2 - MFEP: prefs.js [alex - g4h97iat.default\{42e0ced7-806f-4983-af54-92bdeefee519}] [] DealPly Shopping v2.0 (..) =>PUP.DealPly
M2 - MFEP: prefs.js [alex - g4h97iat.default\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial NewTab v2.0 (..) =>Adware.MyWebSearch
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@pmang.com/npPMangFX] - (.Pas de propriétaire - Mozilla PMangFX Session Plugin.) -- C:\Windows\system32\npPMangFX.dll
~ Firefox Browser: 37 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kogoa.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\program files\realtek\11n usb wireless lan utility\rtwlansrv.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WebbIng - {0FFD5D90-7595-081A-C809-454D7772CB89} . (...) -- C:\Program Files\WebbIng\z.dll
O2 - BHO: webget - {14f95421-c981-4820-954e-d83c8537f54c} . (.webget - webget.) -- C:\Program Files\webget\webgetbho.dll =>PUP.WebGet
O2 - BHO: siafeweb - {1D90393E-C70C-A470-F241-7B32A78204ED} . (...) -- C:\Program Files\siafeweb\Ip.dll =>PUP.SafeWeb
O2 - BHO: JoniCoupon - {36655C1D-C127-5A76-C108-B54334EC2533} . (...) -- C:\ProgramData\JoniCoupon\is.dll =>PUP.JoniCoupon
O2 - BHO: DealPly Shopping - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} . (.DealPly - DealPly Shopping for Internet Explorer.) -- C:\Program Files\DealPly\DealPlyIE.dll =>PUP.DealPly
O2 - BHO: YoutubeAdblocker - {6D9A624D-1F85-19AE-FA0E-242CB17B9F4F} . (...) -- C:\Program Files\YoutubeAdblocker\tR1BuOmxR.dll =>PUP.YouTuAdBlocker
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [alex]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap.dll
O4 - HKLM\..\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\alex\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [KPeerNexonEU] . (.NEXON Inc. - Pas de description.) -- C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [LiveSupport] C:\Program Files\LiveSupport\LiveSupport.exe (.not file.) =>PUP.LiveSupport
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\alex\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [DriverBoot] . (...) -- C:\DriverBoot\DriverBoot.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\alex\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [KPeerNexonEU] . (.NEXON Inc. - Pas de description.) -- C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files\Steam\Steam.exe
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [LiveSupport] C:\Program Files\LiveSupport\LiveSupport.exe (.not file.) =>PUP.LiveSupport
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [cacaoweb] . (...) -- C:\Users\alex\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2385275142-600627090-416882996-1001\..\Run: [DriverBoot] . (...) -- C:\DriverBoot\DriverBoot.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A556955-B526-4706-85C0-CE43CD536911}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{387A847D-7B61-40D4-865D-79DE2749875A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{41087649-23D9-47B1-B9CD-D974F057916C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A556955-B526-4706-85C0-CE43CD536911}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{387A847D-7B61-40D4-865D-79DE2749875A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{41087649-23D9-47B1-B9CD-D974F057916C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.64A46A45A6AB3FD9EA19489AEB76BB76] [APT] [DealPlyUpdate] (.DealPly.) -- C:\Program Files\DealPly\DealPlyUpdate.exe [78424] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [DriverToolkit Autorun] (...) -- C:\Program Files\DriverToolkit\DriverToolkit.exe (.not file.) [0]
[MD5.2970E9002994FAD689A0B98C0D855B0E] [APT] [FRAPS] (.Beepa P/L.) -- C:\Fraps\fraps.exe [2533040]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.8FDE804D40DE5E735C717470A494EC9A] [APT] [{817149E4-5F96-41FE-9B7A-9A857192D590}] (...) -- C:\S4Battle\uninstall.exe [21019]
[MD5.00000000000000000000000000000000] [APT] [{8B03CDF6-BDD5-4901-8B25-098AE85299A4}] (...) -- C:\Users\alex\Downloads\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A13CE7A6-E6A7-4CA7-9ABB-BCE49DDD1F13}] (...) -- C:\Program Files\TARMAI~1\{889DF~1\Setup.exe (.not file.) [0] =>PUP.Tarma
[MD5.00000000000000000000000000000000] [APT] [{CA1D5E61-E25D-464A-8780-460917B0FBD2}] (...) -- D:\FarCryAutoCD.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F15BC160-62E4-49F5-A3FA-BE0C801F04DA}] (...) -- C:\Program Files\alaplaya\S4League\XTrap Bypass v1.0.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\Tasks\DriverToolkit Autorun.job [358]
O39 - APT: DriverToolkit Autorun - (...) -- C:\Windows\System32\Tasks\DriverToolkit Autorun [358]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2385275142-600627090-416882996-1001Core [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2385275142-600627090-416882996-1001UA [938]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1062]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1066]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 06s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Installed Component - S-1-5-21-2385275142-600627090-416882996-1001 - {O1JHH258-10AT-22H1-8Q4R-6T24X4BS08YC} -- Not Hexadécimal CLSID
~ Active Setup: 9 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (MpKsldda2858d) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A4B776A-5367-46DA-8470-297B2F969369}\MpKsldda2858d.sys (.not file.)
O41 - Driver: (mwjsdply) . (. - .) - C:\Windows\system32\drivers\mwjsdply.sys (.not file.)
O41 - Driver: (zmvlzllz) . (. - .) - C:\Windows\system32\drivers\zmvlzllz.sys (.not file.)
~ Drivers: 44 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: JoniCoupon - (.JoniCoupon.) [HKLM] -- {51417852-174C-88D4-34A0-D0FE7858BE47} =>PUP.JoniCoupon
O42 - Logiciel: S4 Battle setup - (...) [HKLM] -- S4 Battle setup
O42 - Logiciel: S4 League - (...) [HKLM] -- S4 League
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM] -- {9937E55B-6331-4804-93EF-77E992F204BD} =>Adware.SocialSkinz
O42 - Logiciel: YoutubeAdblocker - (.YoutubeAdblocker.) [HKLM] -- {4820778D-AB0D-6D18-C316-52A6A0E1D507} =>PUP.YouTuAdBlocker
O42 - Logiciel: siafeweb - (.sAfewebb.) [HKLM] -- {497C131E-2032-051B-B32A-C69A960FBB13} =>PUP.SafeWeb
O42 - Logiciel: webget - (.webget.) [HKLM] -- webget =>PUP.WebGet
~ Logic: 23 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5fedfdfe56dea12] =>Hijacker.Eazel
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\webget] =>PUP.WebGet
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\DealPly] =>PUP.DealPly
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Tarma Installer] =>PUP.Tarma
~ Key Software: 299 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/09/2014 - 02:02:04 - [] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 22/07/2014 - 19:05:14 - [] ----D C:\Program Files\Hazard Ops Download
O43 - CFD: 19/05/2013 - 19:31:05 - [] ----D C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 16/05/2014 - 21:17:41 - [0] ----D C:\Program Files\NExttCooup =>PUP.NextCoup
O43 - CFD: 06/05/2013 - 09:24:00 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 05/04/2014 - 22:34:59 - [] ----D C:\Program Files\siafeweb =>PUP.SafeWeb
O43 - CFD: 16/05/2014 - 21:11:47 - [0] ----D C:\Program Files\ssave. neeT =>PUP.SaveNet
O43 - CFD: 24/05/2013 - 18:31:23 - [] ----D C:\Program Files\TornTV.com =>Hijacker.TornTV
O43 - CFD: 24/10/2013 - 02:03:09 - [] ----D C:\Program Files\Uninstaller
O43 - CFD: 16/05/2014 - 21:17:50 - [] ----D C:\Program Files\WebbIng
O43 - CFD: 21/05/2014 - 15:06:52 - [] ----D C:\Program Files\webget =>PUP.WebGet
O43 - CFD: 01/07/2014 - 18:00:37 - [0] ----D C:\Program Files\Yontoo =>Adware.Yontoo
O43 - CFD: 05/04/2014 - 22:35:59 - [] ----D C:\Program Files\YoutubeAdblocker =>PUP.YouTuAdBlocker
O43 - CFD: 16/05/2014 - 21:17:51 - [] ----D C:\ProgramData\42a1b71a9b5d561c
O43 - CFD: 16/05/2014 - 21:09:31 - [] ----D C:\ProgramData\AllaboutApp
O43 - CFD: 11/03/2013 - 20:05:14 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 01/07/2014 - 18:00:36 - [] ----D C:\ProgramData\BerOwsae22savaee =>Adware.Browse2Save
O43 - CFD: 26/09/2013 - 14:12:43 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 05/04/2014 - 22:42:48 - [] ----D C:\ProgramData\GreenApp =>PUP.SafeWeb
O43 - CFD: 16/05/2014 - 21:09:31 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 01/07/2014 - 17:49:47 - [] ----D C:\ProgramData\JoniCoupon =>PUP.JoniCoupon
O43 - CFD: 16/05/2014 - 21:19:55 - [0] ----D C:\ProgramData\NExttCooup =>PUP.NextCoup
O43 - CFD: 01/07/2014 - 17:49:45 - [] ----D C:\ProgramData\siafeweb =>PUP.SafeWeb
O43 - CFD: 16/05/2014 - 21:13:18 - [0] ----D C:\ProgramData\ssave. neeT =>PUP.SaveNet
O43 - CFD: 24/05/2013 - 18:27:30 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 01/07/2014 - 17:49:45 - [] ----D C:\ProgramData\WebbIng
O43 - CFD: 01/07/2014 - 17:49:44 - [] ----D C:\ProgramData\YoutubeAdblocker =>PUP.YouTuAdBlocker
O43 - CFD: 11/03/2013 - 20:05:14 - [] ----D C:\Users\alex\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 07/11/2013 - 10:13:52 - [] ----D C:\Users\alex\AppData\Roaming\bosonx
O43 - CFD: 08/09/2014 - 19:30:48 - [] ----D C:\Users\alex\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 24/05/2013 - 11:01:07 - [] ----D C:\Users\alex\AppData\Roaming\Dealply =>PUP.DealPly
O43 - CFD: 17/02/2014 - 02:11:27 - [0] ----D C:\Users\alex\AppData\Roaming\MC
O43 - CFD: 29/01/2014 - 18:23:22 - [] ----D C:\Users\alex\AppData\Roaming\MisteurZ
O43 - CFD: 11/11/2013 - 08:44:50 - [] ----D C:\Users\alex\AppData\Roaming\mysearchdial =>Adware.MyWebSearch
O43 - CFD: 25/04/2013 - 12:53:40 - [] ----D C:\Users\alex\AppData\Roaming\NCdownloader
O43 - CFD: 24/05/2013 - 18:30:10 - [] ----D C:\Users\alex\AppData\Roaming\Yontoo =>Adware.Yontoo
O43 - CFD: 24/10/2013 - 02:02:26 - [] ----D C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
~ Program Folder: 268 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.32ABF58518EBCC7574386AFEC4DD7B0C] - 27/08/2014 - 20:57:24 ---A- - C:\Windows\Prefetch\CACAONEW937AB6.EXE-F6F8CB3C.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.57CCC327396C5967461F93E2656FE081] - 07/09/2014 - 18:52:39 ---A- - C:\Windows\Prefetch\CACAONEWFD4517.EXE-5622421F.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.00D6B77E6C4BDF197DBB69E92069655D] - 08/09/2014 - 15:20:10 ---A- - C:\Windows\Prefetch\CACAOWEB.EXE-16B8E1F4.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.38A3A19C842C032E9134B2D76335CB10] - 16/05/2014 - 20:08:43 ---A- - C:\Windows\Prefetch\DLLOGIC.EXE-1FB5400C.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.F6B5696A8536C5343E6A7491B9024382] - 16/05/2014 - 20:15:41 ---A- - C:\Windows\Prefetch\LIVESUPPORT.EXE-5B0B26B3.pf =>PUP.LiveSupport
O45 - LFCP:[MD5.C858F30F9902E8AB5C9EFF749D27B2EC] - 08/09/2014 - 15:20:10 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-BCD3E430.pf =>P2P.µTorrent
~ Prefetcher: 6 Legitimates Filtered in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{34210a65-1b6e-11e3-a360-6c626d8e3a34}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
O51 - MPSK:{c788d91c-5d49-11e2-a2bf-0014d1e17b1b}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248] =>.ALWIL Software
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736] =>.ALWIL Software
O58 - SDL:15/01/2014 - 01:00:37 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [22328]
O58 - SDL:26/07/2012 - 04:42:15 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) -- C:\Windows\System32\Drivers\stexstor.sys [26352]
O58 - SDL:22/08/2013 - 13:40:22 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:25/07/2012 - 23:52:52 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:25/07/2012 - 23:52:52 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:25/07/2012 - 23:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:25/07/2012 - 23:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:25/07/2012 - 23:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:25/07/2012 - 23:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:25/07/2012 - 23:52:54 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33968]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34688]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35552]
O58 - SDL:25/07/2012 - 23:52:51 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34688]
~ Drivers: 64 Legitimates Filtered in 00mn 03s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/09/2014 - 20:40:54 ---A- . (...) -- C:\Users\alex\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [362367]
O61 - LFC: 02/09/2014 - 20:40:55 ---A- . (...) -- C:\Users\alex\Downloads\MKLOL2.0.0.17.exe [19257544]
O61 - LFC: 07/09/2014 - 20:40:55 ---A- . (...) -- C:\Users\alex\AppData\Roaming\cacaoweb\cacaoweb.exe [514864] =>PUP.CacaoWeb
O61 - LFC: 08/09/2014 - 20:40:55 ---A- . (...) -- C:\Users\alex\Desktop\cacaoweb.exe [514864] =>PUP.CacaoWeb
~ 3614 Fichiers temporaires (Temporary files)
~ 690 Fichiers cookies (Cookies files)
~ Files: 10 Legitimates Filtered in 00mn 01s

---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcp110d (1).dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcp110d.dll:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\msvcr110d.dll:Zone.Identifier
~ ADS: Scanned in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.)
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.crossrider.bic", "1408e860930d81dfe5dd3db83bc730c0"); =>PUP.CrossRider O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.admin", false); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.aflt", "babsst"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.autoRvrt", "false"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.dfltLng", "en"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.excTlbr", false); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.ffxUnstlRst", true); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.id", "4816aa6c0000000000000014d1e17b1b"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.instlDay", "15829"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.instlRef", "sst"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.newTab", false); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.prdct", "delta"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.prtnrId", "delta"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.rvrt", "false"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.smplGrp", "none"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.tlbrId", "base"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.tlbrSrchUrl", ""); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.vrsn", 
"1.8.16.16"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.vrsnTs", "1.8.16.1621:18:07"); O69 - SBI: prefs.js [alex - g4h97iat.default] user_pref("extensions.delta.vrsni", "1.8.16.16"); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www2.delta-search.com =>Toolbar.DeltaSearch ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Users\alex\Desktop\Bureau\jeux\Minecraft cracker.exe =>.Crack,Keygen C:\Users\alex\Downloads\xpa-mal3-cracked.zip =>.Crack,Keygen C:\Windows.old\Documents and Settings\Administrateur.52F014DE38234F2\Bureau\Téléchargements\Fraps_cracked_3.4.7.rar =>.Crack,Keygen C:\Windows.old.000\Documents and Settings\Alexis\Desktop\Adobe CS6 Master Collection\Adobe CS6 Master Collection Win.Mac (X-FORCE Keygen)\WIN Keygen.zip =>.Crack,Keygen C:\Windows.old.000\Documents and Settings\Alexis\Downloads\Fraps_cracked_3.4.7.rar =>.Crack,Keygen C:\Windows.old.000\Users\Alexis\Desktop\Adobe CS6 Master Collection\Adobe CS6 Master Collection Win.Mac (X-FORCE Keygen)\WIN Keygen.zip =>.Crack,Keygen C:\Windows.old.000\Users\Alexis\Downloads\Fraps_cracked_3.4.7.rar =>.Crack,Keygen C:\Users\alex\Desktop\Bureau\jeux\Minecraft cracker.exe =>.Crack,Keygen C:\Users\alex\Downloads\xpa-mal3-cracked.zip =>.Crack,Keygen C:\Windows.old\Documents and Settings\Administrateur.52F014DE38234F2\Bureau\Téléchargements\Fraps_cracked_3.4.7.rar =>.Crack,Keygen C:\Windows.old.000\Documents and Settings\Alexis\Desktop\Adobe CS6 Master Collection\Adobe CS6 Master Collection Win.Mac (X-FORCE Keygen)\WIN Keygen.zip =>.Crack,Keygen C:\Windows.old.000\Documents and Settings\Alexis\Downloads\Fraps_cracked_3.4.7.rar =>.Crack,Keygen C:\Windows.old.000\Users\Alexis\Desktop\Adobe CS6 Master Collection\Adobe CS6 Master Collection Win.Mac (X-FORCE Keygen)\WIN Keygen.zip 
=>.Crack,Keygen C:\Windows.old.000\Users\Alexis\Downloads\Fraps_cracked_3.4.7.rar =>.Crack,Keygen ~ Files: Scanned in 02mn 38s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.70A9F2D242B7E27E395812E08DB00EB3] [SPRF][23/09/2013] (...) -- C:\ProgramData\Card - Conquest hack.dll [6656] [MD5.1EC3EA61FB762D81A58F9CADF4DBFE7F] [SPRF][09/05/2014] (...) -- C:\Users\alex\AppData\Roaming\file.exe [7749632] [MD5.C3E33580A3A85BE28612B83D0C321E20] [SPRF][15/01/2014] (...) -- C:\Users\alex\AppData\Roaming\PnkBstrK.sys [22328] [MD5.6E079CE86E5CE166ED9D18DEA2354D30] [SPRF][08/09/2014] (...) -- C:\Users\alex\Desktop\cacaoweb.exe [514864] =>PUP.CacaoWeb [MD5.53268E9985B9B4C0EDCEBBEB5E17998A] [SPRF][14/05/2014] (...) -- C:\Users\alex\Desktop\Maccr Instant.exe [904177] ~ Files: 8 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{A54FB4AD-34BB-4EBB-A199-162307278719}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Local\Temp\utt24B3.tmp.exe =>P2P.BitTorrent O87 - FAEL: "{86F28F68-86E3-49A7-93D3-AAC349770E1F}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Local\Temp\utt24B3.tmp.exe =>P2P.BitTorrent O87 - FAEL: "{1D93FB55-2374-4876-9F4A-2E68B716A327}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\alex\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent O87 - FAEL: "{3FDE0B09-48A2-4E06-AA5B-1A407B132037}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- C:\Users\alex\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ Firewall: 4 Legitimates Filtered in 00mn 01s ---\\ Export de clés de registre aléatoires (O91) [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel [HKCU\Software\5fedfdfe56dea12] =>PUP.Babylon^ ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 =>Adware.IMBooster HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS =>Adware.IMBooster HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32 =>PUP.SaltarSmart HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS =>PUP.SaltarSmart HKLM\SOFTWARE\Microsoft\Tracing\utilSaltarSmart_RASAPI32 =>PUP.SaltarSmart HKLM\SOFTWARE\Microsoft\Tracing\utilSaltarSmart_RASMANCS =>PUP.SaltarSmart HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 =>Adware.Yontoo HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS =>Adware.Yontoo ~ BTK: 75 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre CLSID (O101) [HKCR\CLSID\{14f95421-c981-4820-954e-d83c8537f54c}] (webget) =>PUP.WebGet [HKCR\CLSID\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}] (DealPly Shopping) =>PUP.DealPly [HKCR\CLSID\{6D9A624D-1F85-19AE-FA0E-242CB17B9F4F}] (YoutubeAdblocker) =>PUP.Multiplug ~ BCK: 5975 Legitimates Filtered in 00mn 08s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . 
(.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SS - | Auto 13/01/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 13/01/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe SS - | Demand 03/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 01/08/2011 3889424 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des SS - | Auto 29/12/2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe SS - | Auto 06/08/2014 5052224 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe SS - | Demand 20/09/2012 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 26/10/2010 72488 | (HerculesWiFi) . (.Guillemot Corporation.) - C:\Windows\system32\HerculesWiFiService.exe SR - | Auto 01/04/2014 2117960 | (MaConfigAgent) . (.CybelSoft.) 
- C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 30/04/2014 1618888 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe SR - | Auto 30/04/2014 19701080 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe SR - | Auto 20/05/2014 668104 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 15/01/2014 66872 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 15/01/2014 107832 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe SR - | Auto 16/04/2010 36864 | (Realtek11nSU) . (.Realtek.) - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe SR - | Auto 20/05/2014 410968 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Demand 25/10/2013 14480 | (WinDefend) . (.Microsoft Corporation.) - C:\Program Files\Windows Defender\MsMpEng.exe ~ Services: Scanned in 00mn 10s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by alex at 08/09/2014 20:43:55 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys C:\Windows\System32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver 1 nt!IofCallDriver[0x81892FF3] >> \Device\Harddisk0\DR0[0x855ABA80] kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 1953504000 ~ MBR: 15 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by alex at 08/09/2014 20:43:57 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13026 - (07/09/2014) Clés trouvées (Keys 
found) : 93 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 43 Fichiers trouvés (Files found) : 15 [HKLM\Software\Google\Chrome\Extensions\booedmolknjekdopkepjjeckmjkdpfgl] =>PUP.Manager^ [HKLM\Software\Google\Chrome\Extensions\clfnomefgeeepfaiaojjckkdomjfekfp] =>PUP.Fun2Save^ [HKLM\Software\Google\Chrome\Extensions\flpcjncodpafbgdpnkljologafpionhb] =>PUP.Manager^ [HKLM\Software\Google\Chrome\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf] =>PUP.CacaoWeb^ [HKLM\Software\Google\Chrome\Extensions\ggbdigfechpiilbmlicmfkpfldlgochc] =>PUP.SafeWeb^ [HKLM\Software\Google\Chrome\Extensions\jdmnpmilgognmagaehggniokfighafge] =>PUP.NextCoup^ [HKLM\Software\Google\Chrome\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn] =>PUP.DealPly^ [HKLM\Software\Google\Chrome\Extensions\plmlljoaimbjemccldbdlanphfcbcgnk] =>PUP.SaveNet^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14F95421-C981-4820-954E-D83C8537F54C}] =>PUP.WebGet^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D90393E-C70C-A470-F241-7B32A78204ED}] =>PUP.SafeWeb^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36655C1D-C127-5A76-C108-B54334EC2533}] =>PUP.JoniCoupon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}] =>PUP.DealPly^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D9A624D-1F85-19AE-FA0E-242CB17B9F4F}] =>PUP.YouTuAdBlocker^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51417852-174C-88D4-34A0-D0FE7858BE47}] =>PUP.JoniCoupon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}] =>Adware.SocialSkinz^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}] =>PUP.YouTuAdBlocker^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{497C131E-2032-051B-B32A-C69A960FBB13}] =>PUP.SafeWeb^ 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webget] =>PUP.WebGet^ [HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent [HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon [HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster 
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade [HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade 
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade [HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster [HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade [HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade [HKCU\Software\BabylonToolbar] =>PUP.Babylon [HKCU\Software\cacaoweb] =>PUP.CacaoWeb [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\Iminent] =>Adware.IMBooster [HKLM\Software\Iminent] =>Adware.IMBooster [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKCU\Software\DealPly] =>PUP.DealPly [HKLM\Software\DealPly] =>PUP.DealPly [HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo [HKLM\Software\Services x86] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster [HKLM\Software\Classes\Prod.cap] =>PUP.Babylon [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch [HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic [HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\booedmolknjekdopkepjjeckmjkdpfgl =>PUP.Manager^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfnomefgeeepfaiaojjckkdomjfekfp =>PUP.Fun2Save^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpcjncodpafbgdpnkljologafpionhb =>PUP.Manager^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf =>PUP.CacaoWeb^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbdigfechpiilbmlicmfkpfldlgochc =>PUP.SafeWeb^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmnpmilgognmagaehggniokfighafge =>PUP.NextCoup^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn =>PUP.DealPly^ C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlljoaimbjemccldbdlanphfcbcgnk =>PUP.SaveNet^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\addon@dealplyshopping.com =>PUP.DealPly^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\cacaoweb@cacaoweb.org =>PUP.CacaoWeb^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\kqdt1@oyrk-.net =>PUP.SaveNet^ 
C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\nb3.g@yayeefr-.co.uk =>PUP.SafeWeb^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\pcdr2au@zjlwdlbzi.com =>PUP.Fun2Save^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\plugin@yontoo.com =>Adware.Yontoo^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\tgsl8vq@baia-.com =>PUP.NextCoup^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\{42e0ced7-806f-4983-af54-92bdeefee519} =>PUP.DealPly^ C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} =>Adware.MyWebSearch^ C:\Program Files\DealPly =>PUP.DealPly^ C:\Program Files\Iminent =>Adware.IMBooster^ C:\Program Files\NExttCooup =>PUP.NextCoup^ C:\Program Files\siafeweb =>PUP.SafeWeb^ C:\Program Files\ssave. neeT =>PUP.SaveNet^ C:\Program Files\TornTV.com =>Hijacker.TornTV^ C:\Program Files\webget =>PUP.WebGet^ C:\Program Files\Yontoo =>Adware.Yontoo^ C:\Program Files\YoutubeAdblocker =>PUP.YouTuAdBlocker^ C:\ProgramData\Babylon =>PUP.Babylon^ C:\ProgramData\BerOwsae22savaee =>Adware.Browse2Save^ C:\ProgramData\GreenApp =>PUP.SafeWeb^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\ProgramData\JoniCoupon =>PUP.JoniCoupon^ C:\ProgramData\NExttCooup =>PUP.NextCoup^ C:\ProgramData\siafeweb =>PUP.SafeWeb^ C:\ProgramData\ssave. 
neeT =>PUP.SaveNet^ C:\ProgramData\Tarma Installer =>PUP.Tarma^ C:\ProgramData\YoutubeAdblocker =>PUP.YouTuAdBlocker^ C:\Users\alex\AppData\Roaming\Babylon =>PUP.Babylon^ C:\Users\alex\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^ C:\Users\alex\AppData\Roaming\Dealply =>PUP.DealPly^ C:\Users\alex\AppData\Roaming\mysearchdial =>Adware.MyWebSearch^ C:\Users\alex\AppData\Roaming\Yontoo =>Adware.Yontoo^ C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly^ C:\Users\alex\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz C:\Program Files\DealPly\DealPlyUpdate.exe =>PUP.DealPly^ [HKCU\Software\webget] =>PUP.WebGet^ [HKLM\Software\Babylon] =>PUP.Babylon^ C:\Users\alex\Desktop\cacaoweb.exe =>PUP.CacaoWeb^ [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\5fedfdfe56dea12\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\5fedfdfe56dea12] =>PUP.Babylon^^ [HKCR\CLSID\{14f95421-c981-4820-954e-d83c8537f54c}] (webget) =>PUP.WebGet^ [HKCR\CLSID\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}] (DealPly Shopping) =>PUP.DealPly^ [HKCR\CLSID\{6D9A624D-1F85-19AE-FA0E-242CB17B9F4F}] (YoutubeAdblocker) =>PUP.Multiplug^ C:\Users\alex\Downloads\cacaoweb.exe =>PUP.CacaoWeb C:\Users\alex\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit C:\Users\alex\AppData\Local\Temp\GCVerifier.dll =>Toolbar.Conduit ~ Additionnel Scan: 398405 Items scanned in 00mn 32s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ 
http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51) ~ AMI: 6 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch http://nicolascoolman.fr/pup-manager =>PUP.Manager http://nicolascoolman.fr/pup-cacaoweb =>PUP.CacaoWeb http://nicolascoolman.fr/pup-safeweb =>PUP.SafeWeb http://nicolascoolman.fr/pup-dealply =>PUP.DealPly http://nicolascoolman.fr/pup-babylon =>PUP.Babylon http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch http://nicolascoolman.fr/hijacker-trovigo =>Hijacker.Trovigo http://nicolascoolman.fr/adware-yontoo =>Adware.Yontoo http://nicolascoolman.fr/pup-webget =>PUP.WebGet http://nicolascoolman.fr/pup-tarma =>PUP.Tarma http://nicolascoolman.fr/adware-socialskinz =>Adware.SocialSkinz http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider http://nicolascoolman.fr/hijacker-torntv =>Hijacker.TornTV http://nicolascoolman.fr/adware-browse2save =>Adware.Browse2Save http://nicolascoolman.fr/pup-saltarsmart =>PUP.SaltarSmart http://nicolascoolman.fr/pup-mutiplug =>PUP.Multiplug http://nicolascoolman.fr/pup-rewardsarcade =>PUP.RewardsArcade http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo http://nicolascoolman.fr/adware-magnipic =>Adware.MagniPic http://nicolascoolman.fr/adware-browsefox =>Adware.BrowseFox ~ MSI: 25 link(s) detected in 00mn 00s ~ 843 Legitimates filtered by white list End of the scan (839 lines in 
06mn 31s)(14)