~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par Book (30/01/2014 17:35:43)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16484
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, VOLUME_KMSCLIENT channel
Windows ID Activation : OK
~ Windows Partial Key : J8CK4
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.7

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 10
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1973 MB (25% free)
System Restore: Activé (Enable)
System drive C: has 153 GB (71%) free of 215 GB

---\\ Mode de connexion au système
~ Computer Name: BOOK
~ User Name: Book
~ All Users Names: HomeGroupUser$, fbwuser, Book, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Book\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Book\AppData\Roaming\
~ %Desktop% : C:\Users\Book\Desktop\
~ %Favorites% : C:\Users\Book\Favorites\
~ %LocalAppData% : C:\Users\Book\AppData\Local\
~ %StartMenu% : C:\Users\Book\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 153 Go of 215 Go)
D: Hard drive, Flash drive, Thumb drive (Free 192 Go of 251 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.BDE820861D8107C67E182DF66A27074F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/12/2012 - 01:29:16.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.877D60D6E4156EC4A2E0B6871D41BED9] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/11/2012 - 04:52:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [366080]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.11D7A4A4A1DA60F394F53B413DCDF0DE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/01/2013 - 02:29:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1934056]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/28
~ Mes musiques (My Musics) : 1/364
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 3/4068
~ Mon Bureau (My Desktop) : 2/5122
~ Menu demarrer (Programs) : 1/52
~ Hidden Files: Scanned in 00mn 26s



---\\ Processus lancés
[MD5.AA2853F85CFDE861D8A9163E92E22DFD] - (.Skillbrains - Lightshot.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe [313120] [PID.2536]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2620]
[MD5.615E58F9963734185756AEE4959BA964] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480] [PID.4064]
[MD5.3B0BA44D5691E00088B956394FDE64B6] - (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe [866584] [PID.4412]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4228]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\prefs.js
C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\user.js
M3 - MFPP: Plugins - [Book] -- C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [Book] -- C:\Users\Book\AppData\Roaming\Mozilla\Firefox\Profiles\r91gvq7i.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M2 - MFEP: prefs.js [Book - r91gvq7i.default\battlefieldplay4free@ea.com] [] Battlefield Play4Free v1.0.96.0 (..)
M2 - MFEP: prefs.js [Book - r91gvq7i.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.5.9.20130411104515 (..)
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 17



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Actionaz.lnk . (...) -- C:\Program Files\Actionaz\actionaz.exe
O4 - GS\Desktop [Public]: Acunetix Web Vulnerability Scanner 9.lnk . (.Acunetix - Web Vulnerability Scanner.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9\wvs.exe
O4 - GS\Desktop [Public]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\Desktop [Public]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\Desktop [Public]: Pipix.lnk . (...) -- C:\Program Files (x86)\Pipix\Pipix-3.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mullvad.lnk . (...) -- C:\Program Files (x86)\Mullvad\mullvad.exe (.not file.)
O4 - GS\Program [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe (.not file.) =>Adware.SocialSkinz
O4 - GS\QuickLaunch [Book]: Auto Clicker.lnk . (...) -- C:\Program Files (x86)\Auto Clicker\AutoClicker.exe (.not file.)
O4 - GS\QuickLaunch [Book]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Book]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\QuickLaunch [Book]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Book]: Yahoo! Messenger.lnk . (...) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (.not file.)
O4 - GS\TaskBar [Book]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Book\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Book]: Hardfight.lnk . (...) -- C:\Users\Book\Downloads\Hardfight.exe
O4 - GS\TaskBar [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [Book]: Minecraft (2).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Minecraft.exe
O4 - GS\TaskBar [Book]: Minecraft(1).lnk . (...) -- C:\Users\Book\Desktop\Inutiles\Enorme\Minecraft.exe
O4 - GS\TaskBar [Book]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\TaskBar [Book]: Sénacraft (3).lnk . (...) -- C:\Users\Book\Desktop\Launchers\Sénacraft (3).exe
O4 - GS\TaskBar [Book]: Sénacraft (4).lnk . (...) -- C:\Users\Book\Downloads\Sénacraft (4).exe
O4 - GS\TaskBar [Book]: Wardfight.lnk . (...) -- C:\Users\Book\Desktop\Wardfight.exe
O4 - GS\TaskBar [Book]: WarFury.lnk . (...) -- C:\Users\Book\Downloads\WarFury.exe
O4 - GS\Program [Book]: Aut2Exe.lnk - Clé orpheline
O4 - GS\Program [Book]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe
O4 - GS\Program [Book]: OpenVPN GUI.lnk . (...) -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
O4 - GS\SendTo [Book]: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)
O4 - GS\Desktop [Book]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Book]: join.me.lnk . (.LogMeIn, Inc. - join.me.) -- C:\Users\Book\AppData\Local\join.me\join.me.exe
O4 - GS\Desktop [Book]: Nmap - Zenmap GUI.lnk . (...) -- C:\Program Files (x86)\Nmap\zenmap.exe
~ Global Startup: 68 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: rvlkl.lnk . (...) -- C:\ProgramData\rvlkl\rvlkl.exe (.not file.) =>Keylogger.Logixoft
O4 - GS\Startup [Book]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Book\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Book]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - GS\Startup [Book]: windows.lnk . (...) -- C:\Users\Book\AppData\Roaming\Microsoft\HeciServer.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [HKCU] . (.Microsoft Corporation - Microsoft .NET Services Installation Utilit.) -- C:\Users\Book\AppData\Roaming\WinDir\Calc.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKCU\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKCU\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKCU\..\Run: [System] . (.Microsoft Corporation - Windows Calculator.) -- C:\Users\Book\AppData\Local\Temp\System\System32.exe
O4 - HKCU\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [System64] . (.Microsoft Corporation - Windows Calculator.) -- C:\Users\Book\AppData\Local\Temp\System\System32.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\policies\Explorer\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [HKCU] . (.Microsoft Corporation - Microsoft .NET Services Installation Utilit.) -- C:\Users\Book\AppData\Roaming\WinDir\Calc.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Book\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [CraftMeBook] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Book\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Microsoft(R) Delayed Launcher] Clé orpheline
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [File] . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [System] . (.Microsoft Corporation - Windows Calculator.) -- C:\Users\Book\AppData\Local\Temp\System\System32.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [LightShot] . (.Pas de propriétaire - Starter Module.) -- C:\Users\Book\AppData\Local\Skillbrains\lightshot\LightShot.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Book\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [System64] . (.Microsoft Corporation - Windows Calculator.) -- C:\Users\Book\AppData\Local\Temp\System\System32.exe
O4 - HKUS\S-1-5-21-1957931178-653952670-3862380426-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{434A680E-C66E-4DCF-91FE-DC290F1091DF}: NameServer = 195.60.76.114 195.60.76.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E65384B-BFEF-4826-BF47-CF98D7A88617}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN32C~1.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Metasploit Pro Service (metasploitProSvc) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Metasploit Thin Service (metasploitThin) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Metasploit Worker (metasploitWorker) . (.http://www.ruby-lang.org/ - Ruby interpreter (CUI) 1.9.3p484 [i386-ming.) - C:\metasploit\ruby\bin\ruby.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [352] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-Updater removing.job [304] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-S-1-5-21-1957931178-653952670-3862380426-1001.job [396]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\update-sys.job [396]
[MD5.00000000000000000000000000000000] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\Updater.exe (.not file.) [0] =>PUP.GiganticSavings
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.71D63875DB82FB0BF3FAA16206761681] [APT] [update-sys] (...) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [112416]
[MD5.984E28E70D1000272A2AB61E34D12D6E] [APT] [{7E0362EF-A72F-47B0-965E-AB5E94B59B05}] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723]
[MD5.00000000000000000000000000000000] [APT] [{A0ACC920-27C4-4E2F-B344-F556D4058E25}] (...) -- C:\ProgramData\{82A48871-A669-4E3F-B884-881FDFDDFBC5}\BearShare_V10_fr_Setup.exe (.not file.) [0] =>PUP.BearShare
[MD5.00000000000000000000000000000000] [APT] [{A10340D9-9D2C-4B70-980B-DEFAA596EB0B}] (...) -- C:\Program Files (x86)\Tiny Firewall\SysReport.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B7DB09CF-33B9-48F9-A778-07A8A7AECD3E}] (...) -- C:\Program Files (x86)\DealPly\uninst.exe (.not file.) [0] =>PUP.DealPly
~ Scheduled Task: 21 Legitimates Filtered in 00mn 08s



---\\ Logiciels installés (O42)
O42 - Logiciel: DarkComet Remover version 2.0 - (.Phrozen ® Software 2013..) [HKLM][64Bits] -- DarkComet Remover_is1
O42 - Logiciel: Eazfuscator.NET - (.Gapotchenko.) [HKLM][64Bits] -- {FED0C86A-17AA-4157-ABA3-2AD47C815CE8}
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =>Adware.SocialSkinz
~ Logic: 10 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\5f4dcd1b53abd48] =>Hijacker.Eazel
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Crypted]
[HKCU\Software\Cyber]
[HKCU\Software\D-Guard]
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\Eazfuscator.NET]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\HEViewer]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledThirdPartyPrograms]
[HKCU\Software\NetUtils]
[HKCU\Software\Pando Networks]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\frobyd]
[HKCU\Software\user32.dll]
[HKLM\Software\IB Updater] =>Adware.InstallBrain
[HKLM\Software\InstalledThirdPartyPrograms]
[HKLM\Software\Wow6432Node\BearShareSRTB] =>PUP.BearShare
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Eazfuscator.NET]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\deskSvc]
~ Key Software: 309 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/07/2013 - 10:49:19 - [0] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore
O43 - CFD: 17/01/2014 - 20:46:51 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 07/02/2013 - 18:59:06 - [0,004] ----D C:\ProgramData\610D
O43 - CFD: 15/07/2013 - 22:31:17 - [0] ----D C:\ProgramData\APN
O43 - CFD: 19/07/2013 - 02:57:10 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 20/10/2013 - 21:14:46 - [0,371] ----D C:\ProgramData\DealPlyLive =>PUP.DealPly
O43 - CFD: 05/10/2013 - 14:59:48 - [0,002] ----D C:\ProgramData\DYA_EGRQTWOKQVCBJBDAV
O43 - CFD: 27/12/2013 - 22:27:52 - [0,059] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 13/12/2013 - 21:34:32 - [0,168] ----D C:\ProgramData\Nimoru
O43 - CFD: 18/12/2013 - 21:57:22 - [0] -SH-D C:\ProgramData\{$1284-9213-2940-1289$}
O43 - CFD: 30/12/2013 - 02:11:45 - [191,524] ----D C:\Users\Book\AppData\Roaming\.allfight
O43 - CFD: 22/06/2013 - 22:37:28 - [13,942] ----D C:\Users\Book\AppData\Roaming\.DayOfPvp
O43 - CFD: 19/01/2014 - 15:24:08 - [156,218] ----D C:\Users\Book\AppData\Roaming\.hardfight
O43 - CFD: 26/08/2013 - 15:25:53 - [107,833] ----D C:\Users\Book\AppData\Roaming\.playforcraft
O43 - CFD: 27/12/2013 - 14:34:46 - [59,777] ----D C:\Users\Book\AppData\Roaming\.scclient
O43 - CFD: 28/01/2014 - 22:16:40 - [76,287] ----D C:\Users\Book\AppData\Roaming\.senacraft
O43 - CFD: 28/01/2014 - 21:44:40 - [263,362] ----D C:\Users\Book\AppData\Roaming\.wardfight
O43 - CFD: 19/01/2014 - 02:07:10 - [43,614] ----D C:\Users\Book\AppData\Roaming\.WarFury
O43 - CFD: 18/09/2013 - 17:17:55 - [29,488] ----D C:\Users\Book\AppData\Roaming\.WF
O43 - CFD: 20/04/2013 - 17:01:29 - [0,032] --H-D C:\Users\Book\AppData\Roaming\422816A9
O43 - CFD: 10/03/2013 - 19:12:14 - [0] ----D C:\Users\Book\AppData\Roaming\ARA
O43 - CFD: 15/07/2013 - 10:48:35 - [4,155] ----D C:\Users\Book\AppData\Roaming\eIntaller
O43 - CFD: 27/12/2013 - 22:27:52 - [0,060] ----D C:\Users\Book\AppData\Roaming\File Scout =>PUP.FileScout
O43 - CFD: 27/01/2014 - 23:37:00 - [0,011] ----D C:\Users\Book\AppData\Roaming\FTPCracker
O43 - CFD: 11/10/2013 - 19:39:58 - [0] RSH-D C:\Users\Book\AppData\Roaming\System32
O43 - CFD: 12/07/2013 - 18:38:08 - [0] ----D C:\Users\Book\AppData\Roaming\Target Folder
O43 - CFD: 07/02/2013 - 19:04:33 - [0] ----D C:\Users\Book\AppData\Roaming\TFP
O43 - CFD: 27/01/2014 - 23:30:15 - [0] ----D C:\Users\Book\AppData\Roaming\WebhostChecker
O43 - CFD: 20/04/2013 - 17:00:54 - [0,043] RSH-D C:\Users\Book\AppData\Roaming\WinDir
O43 - CFD: 20/10/2013 - 21:14:47 - [0] ----D C:\Users\Book\AppData\Local\DealPlyLive =>PUP.DealPly
O43 - CFD: 29/08/2013 - 21:13:53 - [0,001] ----D C:\Users\Book\AppData\Local\Gapotchenko
O43 - CFD: 13/07/2013 - 23:23:29 - [0,003] ----D C:\Users\Book\AppData\Local\Oleksiy_Gapotchenko
O43 - CFD: 05/07/2013 - 09:18:21 - [0,001] ----D C:\Users\Book\AppData\Local\PolarByte.net
~ Program Folder: 235 Legitimates Filtered in 01mn 16s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7AD125D220791122A190A95C90C4EF8A] - 25/01/2014 - 22:25:13 ---A- . (...) -- C:\Windows\WVS_InstDBLogFile.csv [96]
O44 - LFC:[MD5.707577FE6926B9DACA5F9B563D8114E4] - 27/01/2014 - 19:10:25 ---A- . (...) -- C:\Windows\Sandboxie.ini [1462]
~ Files: 8 Legitimates Filtered in 00mn 09s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.D168AE57558A6174FB35E0F82B32F62B] - 12/01/2013 - 18:06:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswnet.sys.sum [175]
O58 - SDL:[MD5.571153E09F5A190F534DB1C5CE72A45B] - 07/03/2013 - 15:14:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswvmm.sys.sum [175]
O58 - SDL:[MD5.361BC37EA7865AFA7899471E41DFA8B6] - 12/04/2013 - 19:53:02 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [46280]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 15/12/2011 - 19:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:[MD5.BD08C9D4FDA1ED615DD521B3510B550E] - 10/01/2013 - 20:43:36 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Book - r91gvq7i.default] user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1[...]
O69 - SBI: prefs.js [Book - r91gvq7i.default] user_pref("extensions.crossrider.bic", "141d784c6712ed57e635797a43762931"); =>PUP.CrossRider
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.B910B1D8920332DF72A690ACACE88BB9] [SPRF][15/09/2013] (...) -- C:\ProgramData\Setting.dat [278]
[MD5.13804F8DC4E72BA103D5E34DE895C9DB] [SPRF][29/01/2014] (...) -- C:\Users\Book\AppData\Local\Temp\upnp.exe [12288]
[MD5.91921A85B411BE4DC133B57518A0BC32] [SPRF][26/10/2013] (...) -- C:\Users\Book\AppData\Roaming\Booklog.dat [143650]
[MD5.E2BFC7C5E651A14A63ED1B10FDD6CFD4] [SPRF][29/09/2013] (...) -- C:\Users\Book\AppData\Roaming\cglogs.dat [187913]
[MD5.494FCD1061795018107893DF77385E1A] [SPRF][02/08/2013] (...) -- C:\Users\Book\Desktop\Ascentia.exe [833424]
[MD5.A3F64DCF50255ED2D684DD8ECB1FFDED] [SPRF][02/01/2014] (.Isidar eBooks - CP Wizardry.) -- C:\Users\Book\Desktop\CPWizardry.exe [34952292]
[MD5.3EBEED5D9F6B80282ACFD037E365C0DD] [SPRF][13/01/2014] (...) -- C:\Users\Book\Desktop\FTPCracked.exe [9514375]
[MD5.984E28E70D1000272A2AB61E34D12D6E] [SPRF][22/09/2012] (...) -- C:\Users\Book\Desktop\Havij v1.16 Pro Portable.exe [5292723]
[MD5.446F134A7CCD3C74CF5CA97193D60942] [SPRF][27/12/2013] (...) -- C:\Users\Book\Desktop\Icon Changer.exe [714666]
[MD5.5E6B471E46B32F49F651157D68C371E5] [SPRF][01/01/2014] (...) -- C:\Users\Book\Desktop\ICryptex Binder.exe [1394848]
[MD5.CB4139E72B5E09F0DE35315F68BDAD4F] [SPRF][23/04/2012] (...) -- C:\Users\Book\Desktop\MaXIsploit.exe [1953792]
[MD5.0926ED1E5F0B5E4E99BDD47AACCD6970] [SPRF][26/01/2014] (...) -- C:\Users\Book\Desktop\minecraft_server.1.6.4.exe [6542715]
[MD5.388E7E6B023880C01DD30A1A0C85D712] [SPRF][28/01/2014] (...) -- C:\Users\Book\Desktop\Royalstresser.exe [1573034]
[MD5.2A7CF13ACB76BD371FC77250462DEB7D] [SPRF][25/12/2013] (.Gary's Hood - Pas de description.) -- C:\Users\Book\Desktop\rsclient.exe [61440]
[MD5.6BCDD719DD53DA2F0E9F9D292C46D0E3] [SPRF][24/11/2013] (...) -- C:\Users\Book\Desktop\Shell Finder.exe [738304]
[MD5.EBB746C9F3804C2ADB1E27B64147E35B] [SPRF][03/01/2014] (...) -- C:\Users\Book\Desktop\Wardfight.exe [411693]
[MD5.BF8015E314305305D514E7C4D6529995] [SPRF][18/01/2014] (...) -- C:\Users\Book\Desktop\WarFury.exe [3756988]
~ Files: 22 Legitimates Filtered in 00mn 07s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{6E9AA82C-D760-477B-9EFD-2AA16C5DEAB7}" | In - Public - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{6ED6C293-2BEF-4958-B7D2-BB49F213F7BD}" | In - Public - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{0747BDBF-467C-41DE-AB3D-9CAA7372C643}" | In - Domain - P6 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
O87 - FAEL: "{B864E2E9-E377-434C-B49E-F7793D33A33C}" | In - Domain - P17 - TRUE | .(.Unremote.org - A remote administration tool from the cosmos.) -- C:\Users\Book\Desktop\Darkcomet\DarkComet.exe
~ Firewall: 271 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5923976166327F040A543A4EA21863E5" . (.Bing Bar.) -- C:\WINDOWS\Installer\{16793295-2366-40F7-A045-A3E42A81365E}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 63 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5f4dcd1b53abd48\2.6.1519.190\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\2.6.1673.238\upd]:="upd=1" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version="2.6.1339.144" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:exeName="BrowserDefender.exe" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:folderName="BrowserDefender" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:serviceName="BrowserDefendert" =>PUA.BrowserDefendert
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:version="2.6.1519.190" =>Hijacker.Eazel
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.2A093064761C401F070C1839762E9E24] [WIS][20/10/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\12b0337.msi [21504] =>Adware.SocialSkinz
~ WIS: 68 Legitimates Filtered in 00mn 07s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/02/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SS - | Demand 19/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 26/04/2011 14848 | (OpenVPNService) . (...) - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
SS - | Demand 10/07/1658 0 | (rpcapd) . (...) - C:\Program Files (x86)\WinPcap\rpcapd.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 28/09/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/02/2012 193816 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 07/12/2013 79872 | (metasploitPostgreSQL) . (.PostgreSQL Global Development Group.) - C:\metasploit\postgresql\bin\pg_ctl.exe
SR - | Auto 24/11/2013 70239 | (metasploitProSvc) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 24/11/2013 70239 | (metasploitThin) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 24/11/2013 70239 | (metasploitWorker) . (.http://www.ruby-lang.org/.) - C:\metasploit\ruby\bin\ruby.exe
SR - | Auto 16/10/2013 186056 | (SbieSvc) . (.Sandboxie Holdings, LLC.) - C:\Program Files\Sandboxie\SbieSvc.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 10s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 146
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 12

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}] =>Adware.SocialSkinz^
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Wow6432Node\qvo6Software] =>Hijacker.Qvo6
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:HKCU =>Trojan.Agent
C:\Program Files (x86)\Boxore =>Adware.Boxore^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\DealPlyLive =>PUP.DealPly^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\Users\Book\AppData\Roaming\File Scout =>PUP.FileScout^
C:\Users\Book\AppData\Local\DealPlyLive =>PUP.DealPly^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Key Logger =>Keylogger.Home
C:\Users\Book\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\Book\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\Book\AppData\Local\Software =>Adware.Boxore
C:\Users\Book\AppData\Local\Zoom_Downloader =>Adware.iBryte
C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-Updater removing.job =>PUP.GiganticSavings^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\BearShare] =>PUP.BearShare^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\DealPlyLive] =>PUP.DealPly^
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\IB Updater] =>Adware.InstallBrain^
[HKLM\Software\Wow6432Node\BearShareSRTB] =>PUP.BearShare^
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
[HKCU\Software\5f4dcd1b53abd48\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1519.190]:dllName="BrowserDefender.dll" =>Hijacker.Eazel^
C:\Windows\Installer\12b0337.msi =>Adware.SocialSkinz^
~ Additionnel Scan: 260052 Items scanned in 00mn 15s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/27910374-keylogger-logixoft =>Keylogger.Logixoft
~ http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/34311830-pup-filescout =>PUP.FileScout
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/35127313-pua-browserdefendert =>PUA.BrowserDefendert
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26874182-adware-ibryte =>Adware.iBryte
~ MSI: 30 link(s) detected in 00mn 15s



~ 1103 Legitimates filtered by white list
End of the scan (758 lines in 03mn 53s)(0)
