
~ ZHPDiag Report v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Run by jeff (09/01/2014 08:59:16)
~ Website address http://nicolascoolman.webs.com
~ Free disinfection-assistance forums : http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege Elevation : OK
~ User Account Control (UAC): Activated by user


---\\ Internet Browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Default)
OPIE: Opera v12.16

---\\ Windows Product Information
~ Language: French
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PV9HW
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection Software
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.130.10
Windows Defender W7

---\\ System Optimization Software
CCleaner v4.04 =>Piriform Ltd

---\\ Peer-to-Peer Sharing Software

---\\ Software Monitoring
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (49% free)
System Restore: Enabled
System drive C: has 2 GB (2%) free of 75 GB

---\\ System Logon Mode
~ Computer Name: JFS-PC
~ User Name: jeff
~ All Users Names: yoodaSGBD, jeff, HomeGroupUser$, Administrateur,
~ Unselected Option: O45
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\jeff\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jeff\AppData\Roaming\
~ %Desktop% : C:\Users\jeff\Desktop\
~ %Favorites% : C:\Users\jeff\Favorites\
~ %LocalAppData% : C:\Users\jeff\AppData\Local\
~ %StartMenu% : C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk Drive Enumeration
C: Hard drive, Flash drive, Thumb drive (Free 2 GB of 75 GB)
D: Hard drive, Flash drive, Thumb drive (Free 124 GB of 209 GB)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center Status
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Specific Search for Generic Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
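The hashes in this section are only useful against a reference. The script below is an added example, not part of ZHPDiag or of this report: it parses generic-file lines of the shape shown above (the line grammar is inferred from those lines, not taken from a ZHPDiag specification) and checks each MD5 against a baseline. The baseline is constructed for illustration; three input lines are copied from the section above and the fourth (example.dll, vendor "Example Vendor") is made up so that the mismatch path is exercised. Nothing in it is a finding about this machine. A real baseline comes from a clean install of the same Windows build and patch level, and a mismatch is a lead to check against the file's Authenticode signature, not a verdict on its own.

```python
"""Added example: compare the MD5 hashes ZHPDiag prints for core system files
against a known-good baseline. Not ZHPDiag code; the baseline is constructed."""
import re
from dataclasses import dataclass

# Line grammar inferred from the generic-file entries in the report:
# [MD5.<hash>] - (.<vendor> - <description>.) (.<date>.) -- <path> [<size>]
ENTRY_RE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]\s+-\s+"
    r"\(\.(?P<vendor>[^-]*?)\s+-\s+(?P<desc>.*?)\.\)\s+"
    r"\(\.(?P<date>[^)]*?)\.\)\s+--\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s*$"
)


@dataclass(frozen=True)
class FileEntry:
    md5: str
    vendor: str
    desc: str
    path: str
    size: int


def parse_entries(text: str) -> list:
    """Parse every generic-file line in `text`; lines of other shapes are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(FileEntry(m["md5"].upper(), m["vendor"], m["desc"],
                                     m["path"], int(m["size"])))
    return entries


def verify(entries, baseline: dict) -> dict:
    """Classify each entry against `baseline` (lower-cased path -> expected MD5).
    'mismatch' means the on-disk binary differs from the reference build and needs
    a closer look (patch level first, then the Authenticode signature)."""
    result = {"match": [], "mismatch": [], "unknown": []}
    for e in entries:
        expected = baseline.get(e.path.lower())
        if expected is None:
            result["unknown"].append(e.path)
        elif expected.upper() == e.md5:
            result["match"].append(e.path)
        else:
            result["mismatch"].append(e.path)
    return result


# Three lines copied from the report above plus one constructed line (example.dll)
# that exists only to exercise the mismatch path. The trailing "~" line shows
# that non-entry lines are ignored.
SAMPLE_LINES = r"""
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.00112233445566778899AABBCCDDEEFF] - (.Example Vendor - Constructed test file.) (.01/01/2014 - 00:00:00.) -- C:\Windows\System32\example.dll [4096]
~ Generic Processes: Scanned in 00mn 00s
"""

# Constructed baseline. In practice these hashes come from a clean install of the
# same Windows build and patch level, never from the suspect machine's own report.
BASELINE = {
    r"c:\windows\explorer.exe": "332FEAB1435662FC6C672E25BEB37BE3",
    r"c:\windows\system32\wininit.exe": "94355C28C1970635A31B3FE52EB7CEBA",
    r"c:\windows\system32\example.dll": "FFEEDDCCBBAA99887766554433221100",
    # wininet.dll deliberately absent: it must come back as "unknown"
}


def check_sample() -> dict:
    return verify(parse_entries(SAMPLE_LINES), BASELINE)


if __name__ == "__main__":
    for status, paths in check_sample().items():
        print(f"{status}: {paths}")
```

wininet.dll is left out of the baseline on purpose to show the "unknown" bucket: on a real run that bucket is where coverage gaps hide, and it should be empty before any weight is put on the "match" list.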



---\\ Hidden Files Status (Hidden/Total)
~ My Pictures : 1/41
~ My Music : 1/13
~ My Favorites : 1/22
~ My Documents : 1/146
~ My Desktop : 0/18
~ Start Menu (Programs) : 1/79
~ Hidden Files: Scanned in 00mn 01s



---\\ Running Processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2144]
[MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.3716]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.No owner - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.3744]
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] - (.No owner - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.3764]
[MD5.AC8A3C47D389143DA318CB9BEC73F68B] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [54400] [PID.3792]
[MD5.C22792F87481E05FA6538FA405E0975F] - (.Glarysoft Ltd - Glary Utilities 3.) -- C:\Program Files (x86)\Glary Utilities 3\Integrator.exe [472352] [PID.3976]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.4360]
[MD5.F7E1CCBAD109329203AACB1E87BE614C] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe [27776968] [PID.4460]
[MD5.F30BD702688CA1F2C28122132D3ECF1A] - (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe [194224] [PID.4548]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.4580]
[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.4592]
[MD5.32F43BE36AAC4E10C88EC24B34770C0D] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392] [PID.4608]
[MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624] [PID.4620]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.4636]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432] [PID.4656]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3528]
[MD5.610C487C47034E130BCC2E04760C1CFA] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.exe [18861224] [PID.4844]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.6120]
[MD5.1D87BA213DB7AA939A5A78C726589911] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.2300]
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8321024] [PID.5976]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1184]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.No owner - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1248]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1432]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1700]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1760]
[MD5.53DCA61931847E35C950504BFB7559C6] - (.HP - HP LaserJet Service.) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704] [PID.1840]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1440]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.932]
[MD5.3CAE2BBC86FCF7F94C9696994AF30386] - (.No owner - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424] [PID.2168]
[MD5.5FA669007BD7874FBB70199211FFF64D] - (.Splashtop Inc. - Splashtop® Streamer Service.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [548264] [PID.2268]
[MD5.1CFA4A1F3C7BB4C8F299E00428EB8677] - (.Splashtop Inc. - Splashtop Software Updater Service.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [370504] [PID.2488] =>Adware.IncrediBar
[MD5.E5C796B621F6FBA8616511063D7F0FFE] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688] [PID.2516]
[MD5.C8B062FC7FA1E2E10A966AEED4A3D4AF] - (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) -- C:\Yooda\SeeUrankFalcon\pgsql\bin\pg_ctl.exe [65536] [PID.1536]
[MD5.B2565283F36AB294EE46A20C4F30F422] - (.PostgreSQL Global Development Group - PostgreSQL Server.) -- C:\Yooda\SeeUrankFalcon\pgsql\bin\postgres.exe [3702784] [PID.3200]
[MD5.069E22DD49A1A962AEE3B7DCE2DC4A50] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178816] [PID.3236]
[MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.No owner - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.3288]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.3840]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.3900]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3968]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280] [PID.1712]
[MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [271760] [PID.4404]
[MD5.BF3818B441955E4D438EC72F06F1FE61] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) -- D:\adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600] [PID.1488]
~ Processes Running: Scanned in 00mn 02s



---\\ Opera, Plugins, Startup, Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [jeff] Home URL=http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0Azy0Azy0BtAzy0EtCtDyDtN0D0Tzu0SyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1684037814&ir= =>Adware.MyWebSearch
B1 - OSP: search.ini [jeff] URL=http://start.mysearchdial.com/?f=4&q=%s =>Adware.MyWebSearch
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://start.mysearchdial.com =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial New Tab v.9.4.4 (Disabled) =>Adware.MyWebSearch
~ Google Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\8c9egy24.default\prefs.js
C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\8c9egy24.default\user.js
C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f4b29iws.default-1388592717388\prefs.js
C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\f4b29iws.default-1388592717388\user.js
M3 - MFPP: Plugins - [jeff] -- C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\8c9egy24.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [jeff] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\nationzoom.xml =>Hijacker.NationZoom
~ Firefox Browser: 33 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{32099AAC-C132-4136-9E9A-4E364A424E17} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: MDCM.lnk . (.ICT Services - MDCM Application.) -- C:\ICT Services\MDCM\MDCM.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Public]: SHOE.NET.lnk . (.DarkBls - Sexual Heaven On Earth .NET.) -- C:\Program Files (x86)\SHOE\shoedotnet.exe
O4 - GS\Desktop [yoodaSGBD]: AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - GS\QuickLaunch [jeff]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [jeff]: Video Surveillance sur Internet 2011.lnk . (...) -- C:\Vsi\Vsi.exe
O4 - GS\TaskBar [jeff]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jeff\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [jeff]: MDCM.lnk . (.ICT Services - MDCM Application.) -- C:\ICT Services\MDCM\MDCM.exe
O4 - GS\TaskBar [jeff]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [jeff]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [jeff]: WebPlayerV2.lnk . (...) -- C:\Users\jeff\AppData\Roaming\Microsoft\Installer\{F21ABA47-CE22-4B3D-8F47-8BF08C21C094}\_41AEE37AA709DB5DEA5006.exe
O4 - GS\SystemTools [jeff]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Global Startup: 79 Legitimates Filtered in 00mn 05s



---\\ Applications Launched at System Startup (O4)
O4 - GS\Startup [Public]: SRS Premium Sound.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
O4 - GS\Startup [jeff]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [jeff]: Envoyer à OneNote.lnk . (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\jeff\AppData\Roaming\newnext.me\nengine.dll
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-521896939-2007487020-1374861470-1001\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\jeff\AppData\Roaming\newnext.me\nengine.dll
~ Application: Scanned in 00mn 00s



---\\ Buttons on the Internet Explorer Main Toolbar (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS Address Modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C10242F-6E2D-43C8-A29A-579AA65EBC43}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3992A7FC-C09D-4AE7-A302-2FA6617FC4DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C201E9F2-998C-4C13-AF5D-CA6DD12E9FA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C10242F-6E2D-43C8-A29A-579AA65EBC43}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{3992A7FC-C09D-4AE7-A302-2FA6617FC4DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C201E9F2-998C-4C13-AF5D-CA6DD12E9FA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C10242F-6E2D-43C8-A29A-579AA65EBC43}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{3992A7FC-C09D-4AE7-A302-2FA6617FC4DC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C201E9F2-998C-4C13-AF5D-CA6DD12E9FA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional Protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s



---\\ Non-Microsoft, Non-Disabled NT Services (O23)
O23 - Service: Update Jump Flip (Update Jump Flip) . (...) - C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (.not file.)
O23 - Service: SGBD Yooda SeeUrank (yoodaPG) . (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreS.) - C:\Yooda\SeeUrankFalcon\pgsql\bin\pg_ctl.exe
~ Services: 19 Legitimates Filtered in 00mn 14s



---\\ BootExecute Data Enumeration (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Automatic Scheduled Tasks (O39)
O39 - APT:Automatic Scheduled Task - C:\Windows\Tasks\MySearchDial.job [288] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\jeff\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [{FA658DB6-D8CD-4E7E-B25C-47A829DE1414}] (...) -- D:\Grabit\ZHPDiag2(1).exe (.not file.) [0]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 07s



---\\ Installed Software (O42)
O42 - Software: Akamai NetSession Interface Service - (...) [HKLM][64Bits] -- Akamai
O42 - Software: Core FTP LE - (...) [HKLM][64Bits] -- CoreFTP
O42 - Software: Excel Compare 3.0.2 - (.Formula Software, Inc..) [HKLM][64Bits] -- Excel Compare_is1
O42 - Software: Import iTrack - (.ITinSell.) [HKLM][64Bits] -- {E7AEAE6A-71E0-498B-AAC3-F039BC6111B8}
O42 - Software: Motip Dupli Color Matic - (...) [HKLM][64Bits] -- {C3BB3193-11B0-4C57-8F41-C61B02A4393E}
O42 - Software: WebPlayerV2 - (.Kreapixel.) [HKLM][64Bits] -- {F21ABA47-CE22-4B3D-8F47-8BF08C21C094} =>Adware.SocialSkinz
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\0B57450053FA74E1C57A772676C57964]
[HKCU\Software\Cazitel]
[HKCU\Software\ICT Services]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Labeljoy5]
[HKCU\Software\LiveZilla]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Telintrans]
[HKCU\Software\Vivre Libre]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\ICT Services]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Labeljoy5]
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wow6432Node\deskSvc]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 455 Legitimates Filtered in 00mn 01s



---\\ Contents of Programs/ProgramFiles/ProgramData/AppData Folders (O43)
O43 - CFD: 21/12/2012 - 14:03:47 - [4,020] ----D C:\Program Files (x86)\Excel Compare
O43 - CFD: 21/03/2011 - 11:17:48 - [10,457] ----D C:\Program Files (x86)\ITinSell
O43 - CFD: 06/04/2010 - 21:21:55 - [23,966] ----D C:\Program Files (x86)\SHOE
O43 - CFD: 14/12/2013 - 08:40:19 - [0] ----D C:\Program Files (x86)\Common Files\337
O43 - CFD: 26/10/2012 - 11:20:07 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 14/12/2013 - 08:44:30 - [0] ----D C:\ProgramData\RHelpers =>PUP.SearchDonkey
O43 - CFD: 13/12/2013 - 22:34:52 - [0,153] ----D C:\ProgramData\TubeDimmer =>PUP.TubeDimmer
O43 - CFD: 14/12/2013 - 08:44:29 - [1,213] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 13/12/2013 - 22:23:25 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 06/04/2010 - 21:22:28 - [0,023] ----D C:\Users\jeff\AppData\Roaming\DarkBls
O43 - CFD: 05/08/2010 - 07:49:49 - [0,008] ----D C:\Users\jeff\AppData\Roaming\Fax Free
O43 - CFD: 09/01/2014 - 08:45:58 - [1,228] ----D C:\Users\jeff\AppData\Roaming\newnext.me
O43 - CFD: 01/01/2014 - 17:11:47 - [1,224] ----D C:\Users\jeff\AppData\Local\genienext
O43 - CFD: 26/05/2012 - 15:18:01 - [9,088] ----D C:\Users\jeff\AppData\Local\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
O43 - CFD: 16/12/2013 - 10:26:24 - [34,406] ----D C:\Users\jeff\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
O43 - CFD: 01/01/2014 - 18:42:01 - [0,003] ----D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 18/12/2009 - 22:47:57 - [0,017] ----D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gravure
O43 - CFD: 21/03/2011 - 11:17:49 - [0,003] ----D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ITinSell
O43 - CFD: 23/03/2011 - 21:58:50 - [0,001] ----D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Surveillance sur Internet 2011
O43 - CFD: 18/12/2009 - 22:47:01 - [0,002] R---D C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web
~ Program Folder: 305 Legitimates Filtered in 01mn 01s



---\\ Authorized Application Key Export (O47)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Labeljoy 5\LotoUpdate.exe" [Enabled] .(...) -- C:\Program Files (x86)\Labeljoy 5\LotoUpdate.exe (.not file.)
~ Keys Export: 1 Legitimates Filtered in 00mn 00s



---\\ Shell MountPoints2 Registry Key (MPKS) (O51)
O51 - MPSK:{04cecd91-ec8c-11de-8acc-90e6ba9a9b39}\AutoRun\command. (...) -- G:\SETUP.exe (.not file.)
O51 - MPSK:{28cd253d-3118-11e0-9438-90729267f82e}\AutoRun\command. (...) -- F:\SFR.exe (.not file.)
O51 - MPSK:{28cd2542-3118-11e0-9438-90729267f82e}\AutoRun\command. (...) -- F:\SFR.exe (.not file.)
O51 - MPSK:{2a0b6803-c83f-11e0-a102-8accfad35396}\AutoRun\command. (...) -- G:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{33d4c4ee-c56f-11df-a527-806e6f6e6963}\AutoRun\command. (...) -- G:\WD SmartWare.exe (.not file.)
O51 - MPSK:{43dd1584-a6fc-11df-bc45-d40ee5d0d83f}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{4fd7274d-3117-11e0-823f-8237301c9b29}\AutoRun\command. (...) -- F:\SFR.exe (.not file.)
O51 - MPSK:{7c553a80-0807-11e3-a984-d9e882c23c32}\AutoRun\command. (...) -- F:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{840c448e-3e81-11df-8188-806e6f6e6963}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{ae3f9fe4-3bae-11e3-ac6d-8d32dffc9139}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{d449aece-3131-11e0-bbf8-e21e6185412e}\AutoRun\command. (...) -- F:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{e9cfed22-ad76-11e2-974d-9deb300e9e3d}\AutoRun\command. (...) -- F:\HTC_Sync_Manager_PC.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IndexSearch [Key] . (...) -- C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\PaperPort PTD [Key] . (...) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (.not file.)
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.1299D1EA00B7A4BF69C5869DCA31E0F6] - 09/07/2009 - 04:11:41 ---A- . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [140800]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.B8B1B284362E1D8135112573395D5DA5] - 25/06/2010 - 16:08:10 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 20/07/2009 - 10:29:39 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15416]
O58 - SDL:[MD5.19D8F6FF8344C47872BA351D04A190DD] - 05/06/2009 - 11:15:55 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [42176]
O58 - SDL:[MD5.1D8474722CDFFBB8FCA5FA12C50A05A2] - 05/06/2009 - 11:15:55 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1806400]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/1747 - 19:43:41 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [513080]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.AA33FC47ED58C34E6E9261E4F850B7EB] - 02/08/2011 - 17:38:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
~ Drivers: 16 Legitimates Filtered in 00mn 52s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 07/01/2014 - 09:06:55 ---A- . (...) -- C:\Users\jeff\Downloads\Télécharger(1).xls [96824]
O61 - LFC: 07/01/2014 - 09:06:55 ---A- . (...) -- C:\Users\jeff\Downloads\Télécharger.txt [96824]
O61 - LFC: 08/01/2014 - 09:03:42 ---A- . (...) -- C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [265850]
O61 - LFC: 08/01/2014 - 09:03:42 ---A- . (...) -- C:\Users\jeff\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 08/01/2014 - 09:03:51 ---A- . (...) -- C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Local State [61508]
O61 - LFC: 09/01/2014 - 09:06:49 ---A- . (...) -- C:\Users\jeff\AppData\Roaming\newnext.me\nengine.cookie [3072]
O61 - LFC: 09/01/2014 - 09:06:53 ---A- . (...) -- C:\Users\jeff\AppData\Roaming\ZHP\Log.txt [20233] =>.Nicolas Coolman
O61 - LFC: 09/01/2014 - 09:06:53 ---A- . (...) -- C:\Users\jeff\AppData\Roaming\ZHP\TestsZHPDiag.txt [2824] =>.Nicolas Coolman
~ Files: 180 Legitimates Filtered in 04mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- firefox.exe (.not file.)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe" http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [jeff - 8c9egy24.default] user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}"); =>Toolbar.Conduit
O69 - SBI: prefs.js [jeff - 8c9egy24.default] user_pref("browser.search.defaultenginename", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23977A9E-5DE5-493A-A8D9-F47BA76272C1} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - (DAEMON Search) - http://www.daemon-search.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.8BA0EDFBE187B52474EF758298F9AA7A] [SPRF][04/02/2013] (...) -- C:\Users\jeff\AppData\Local\Temp\25829-656346-openoffice.exe [125646514]
[MD5.91FAF88F3A51941716E21C1805A8E4FA] [SPRF][03/02/2013] (...) -- C:\Users\jeff\AppData\Local\Temp\instloffer.exe [168728]
[MD5.15E2AA2681030495491429093868D3E3] [SPRF][21/12/2012] (.Formula Software, Inc. - Excel Compare Setup.) -- C:\Users\jeff\AppData\Local\Temp\TomsDownloader1B15175.exe [3588004]
[MD5.8AAACB78440610AB2FF1349AC18EE25A] [SPRF][06/04/2011] (...) -- C:\Users\jeff\AppData\Roaming\jefflog.dat [1949]
~ Files: 8 Legitimates Filtered in 00mn 10s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{75783F3A-DF5B-4EB5-ACA4-D8FE62B54664}C:\yooda\seeurankfalcon\bin\seeurank_back.exe" | In - Private - P6 - TRUE | .(...) -- C:\yooda\seeurankfalcon\bin\seeurank_back.exe
O87 - FAEL: "UDP Query User{87535CAF-F2BB-4797-99DB-9DFE29EEBC54}C:\yooda\seeurankfalcon\bin\seeurank_back.exe" | In - Private - P17 - TRUE | .(...) -- C:\yooda\seeurankfalcon\bin\seeurank_back.exe
O87 - FAEL: "TCP Query User{95AE316F-6AFB-467B-A6D8-1164829E004A}C:\yooda\seeurankfalcon\seeurank4.exe" | In - Private - P6 - TRUE | .(...) -- C:\yooda\seeurankfalcon\seeurank4.exe
O87 - FAEL: "UDP Query User{BECD754D-46A1-42E0-ABC2-3B69A4E439B9}C:\yooda\seeurankfalcon\seeurank4.exe" | In - Private - P17 - TRUE | .(...) -- C:\yooda\seeurankfalcon\seeurank4.exe
O87 - FAEL: "TCP Query User{42D2B968-DB95-4414-AA86-7E97672821C6}C:\yooda\seeurankfalcon\bin\seeurank_back.exe" | In - Public - P6 - TRUE | .(...) -- C:\yooda\seeurankfalcon\bin\seeurank_back.exe
O87 - FAEL: "UDP Query User{536465AE-FA0B-4CF4-BEDF-B3CC759A50AE}C:\yooda\seeurankfalcon\bin\seeurank_back.exe" | In - Public - P17 - TRUE | .(...) -- C:\yooda\seeurankfalcon\bin\seeurank_back.exe
O87 - FAEL: "TCP Query User{CD7FEC4F-A4B7-42DE-96D3-BA320B14AF89}C:\yooda\seeurankfalcon\seeurank4.exe" | In - Public - P6 - TRUE | .(...) -- C:\yooda\seeurankfalcon\seeurank4.exe
O87 - FAEL: "UDP Query User{79A09F59-E671-4A4D-A242-0FA9931CCE9C}C:\yooda\seeurankfalcon\seeurank4.exe" | In - Public - P17 - TRUE | .(...) -- C:\yooda\seeurankfalcon\seeurank4.exe
~ Firewall: 270 Legitimates Filtered in 00mn 02s



---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\0B57450053FA74E1C57A772676C57964]:FRun="0"
[HKCU\Software\0B57450053FA74E1C57A772676C57964]:O`ld="Houdsodu!Rdbtshux"
[HKCU\Software\0B57450053FA74E1C57A772676C57964]:Q`ui="B;]Trdsr]kdgg]@qqE`u`]Sn`lhof]hrdbtshux/dyd"
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E4B10C291DFAD14F560D72D8DFE8D1A4] [WIS][04/10/2005] (.Aldeis - Installation Yooda Map.) -- C:\Windows\Installer\267043.msi [471688]
[MD5.FC138273F6DA1BCE4B7A837C6858DEC6] [WIS][20/05/2013] (.Google, Inc. - Google Apps Migration For Microsoft Outlook® lets you migrate E.) -- C:\Windows\Installer\44af2f.msi [28712960]
[MD5.64858D6205D7146A050DAFE53B970320] [WIS][16/09/2013] (.Google, Inc. - Google Apps Sync™ for Microsoft Outlook® lets you use GMail, Go.) -- C:\Windows\Installer\64f755.msi [52065280]
[MD5.5A381D88FEF1C4D00F056C514A74ED0E] [WIS][23/12/2013] (.Google - Google+ Auto Backup.) -- C:\Windows\Installer\78bbe4.msi [3088384]
~ WIS: 237 Legitimates Filtered in 00mn 48s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 19/12/2009 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 19/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SS - | Auto 16/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 06/09/2013 288776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
SS - | Demand 12/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (Update Jump Flip) . (...) - C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 17/09/2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - D:\adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 14/07/2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 29/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Auto 07/04/2010 127800 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 15/08/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/09/2009 44312 | (OberonGameConsoleService) . (...) - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
SR - | Auto 07/12/2012 167424 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Demand 15/04/2009 271760 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 15/06/2012 548264 | (SplashtopRemoteService) . (.Splashtop Inc..) - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
SR - | Auto 15/03/2012 370504 | (SSUService) . (.Splashtop Inc..) - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/10/2010 65536 | (yoodaPG) . (.PostgreSQL Global Development Group.) - C:\Yooda\SeeUrankFalcon\pgsql\bin\pg_ctl.exe

~ Services: Scanned in 00mn 52s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by jeff at 09/01/2014 09:12:22
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by jeff at 09/01/2014 09:12:24

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/03/1747 - 19:43:41 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [513080]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 50
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 11
Fichiers trouvés (Files found) : 6

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F21ABA47-CE22-4B3D-8F47-8BF08C21C094}] =>Adware.SocialSkinz^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a1b5397-2a80-4f7d-af70-327d9e2103c6}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a1b5397-2a80-4f7d-af70-327d9e2103c6}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{db885111-f39f-4d88-9ee5-c88460b6df7b}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] =>Toolbar.ToolBand
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Wow6432Node\SoftwareUpdater] =>Hijacker.Eazel
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{32099aac-c132-4136-9e9a-4e364a424e17} =>Toolbar.DaemonTools
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\RHelpers =>PUP.SearchDonkey^
C:\ProgramData\TubeDimmer =>PUP.TubeDimmer^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Program Files (x86)\Webplayer setup =>Adware.SocialSkinz
C:\Program Files (x86)\Common Files\337 =>Hijacker.22find
C:\Users\jeff\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\jeff\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\jeff\AppData\LocalLow\WebplayerToolbar =>Toolbar.Webplayer
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe =>Adware.IncrediBar^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\jeff\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
~ Additionnel Scan: 381137 Items scanned in 00mn 49s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/38839825-pup-searchdonkey =>PUP.SearchDonkey
~ http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer =>PUP.TubeDimmer
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 21 link(s) detected in 00mn 49s



~ 1755 Legitimates filtered by white list
End of the scan (704 lines in 13mn 58s)(0)
