cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2015.4.17.39 - Nicolas Coolman (17/04/2015)
~ Lancé par splendid univers (19/04/2015 18:30:54)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 37.0.1 (Defaut)
GCIE: Google Chrome v42.0.2311.90

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Windows Defender W7 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 17 NPAPI

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1906 MB (13% free)
System Restore: Activé (Enable)
System drive C: has 33 GB (31%) free of 103 GB

---\\ Mode de connexion au système
~ Computer Name: SPLENDIDUNIVERS
~ User Name: splendid univers
~ All Users Names: splendid univers, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\splendid univers\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\splendid univers\AppData\Roaming\
~ %Desktop% : C:\Users\splendid univers\Desktop\
~ %Favorites% : C:\Users\splendid univers\Favorites\
~ %LocalAppData% : C:\Users\splendid univers\AppData\Local\
~ %StartMenu% : C:\Users\splendid univers\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 33 Go of 103 Go)
D: Hard drive, Flash drive, Thumb drive (Free 42 Go of 195 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.3A827FCB4682700CF199B78DEADFE0F0] - (.Microsoft Corporation - Explorateur Windows.) (.16/03/2010 - 08:17:20.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/11/2013 - 21:02:07.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.16/03/2010 - 08:17:20.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/04/2010 - 14:04:07.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 0/11
~ Mes Documents (My Documents) : 1/2
~ Mon Bureau (My Desktop) : 2/40
~ Menu demarrer (Programs) : 0/32
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.7139E7EEA74966995148B16B8559819D] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [138008] [PID.352]
[MD5.356A26CB1A7FA81BE22CDDBE77067B76] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171288] [PID.396]
[MD5.57EE515BD3E9C76EDD7D4414C95104A5] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172824] [PID.528]
[MD5.E7FF908CAC792A6DB16F2D4BB775FC95] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920] [PID.1060]
[MD5.DE32A4D2B4CB6ADD8FFE74856B64946C] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1546856] [PID.1924]
[MD5.77590CE0CDEB6BBEE8DC056FEA0B107C] - (.SearchProtect - CmdShell.exe.) -- C:\Program Files\XTab\cmdshell.exe [48304] [PID.2280] =>PUP.SearchProtect
[MD5.1606CBD0193E93952CD4EACDC9229651] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744] [PID.2992]
[MD5.C44031488DED58FCE58E5D94BC345D30] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424] [PID.3212]
[MD5.475A2BC64E0FF011C8C9AFC418E8E40D] - (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe [178688] [PID.3232]
[MD5.16F1D5CF6465FCA139FA289648B349EE] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [663552] [PID.3464]
[MD5.10AA923C7622D57C3D4B1D9A4EAF14BC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [31344744] [PID.3476]
[MD5.2481529EC3A9A030481545B70B119CCB] - (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448] [PID.3496]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [158032] [PID.3124]
[MD5.C04D8BC933470B3913E4E3E6C3115793] - (.XTab system - SupHPNot.exe.) -- C:\Program Files\XTab\HPNotify.exe [673968] [PID.4208]
[MD5.C830F4E9E1C93EDDADB6929D2CFEDC85] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [530816] [PID.4336]
[MD5.7CFD590987D2BB33D5D56D98093D2E76] - (.Adobe Systems Incorporated - Adobe Updater.) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [2521464] [PID.1628]
[MD5.BB69268B5F4277A1CFC36A237E27FD87] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [376944] [PID.5692]
[MD5.831F8FAE0BFFCF8BA05082E5C5DB8CB3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [267888] [PID.5304]
[MD5.66F6B3894132CC3D347CB85FBAE48D57] - (.Adobe Systems, Inc. - Adobe Flash Player 17.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe [1892528] [PID.3716]
[MD5.62A3B7A12578B3B595253342B982BDA7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8198144] [PID.4380]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\splendid univers\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 7 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\prefs.js
C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\user.js
M3 - MFPP: Plugins - [splendid univers] -- C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\searchplugins\ask-web-search.xml
M3 - MFPP: Plugins - [splendid univers] -- C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\searchplugins\key-find.xml =>Hijacker.Hijacker.KeyFind
M2 - MFEP: prefs.js [splendid univers - azynzyii.default\abs@avira.com] [] Segurança do navegador Avira v1.4.6 (..)
M2 - MFEP: prefs.js [splendid univers - azynzyii.default\faststartff@gmail.com] [] Fast Start v1.4.6 (..) =>PUP.FastStart
M2 - MFEP: prefs.js [splendid univers - azynzyii.default\fftoolbar2014@etech.com] [] FF Toolbar v1.0.0.1025 (..) =>Adware.FFToolBar
M2 - MFEP: prefs.js [splendid univers - azynzyii.default\searchengine@gmail.com] [] Search Enginer v1.0.0.1027 (..) =>PUP.SearchEngine
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (.Pas de propriétaire - Nokia Suite Enabler Plugin.) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
P2 - FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] - (.Total Immersion - D'Fusion @Home Web Plug-In (3.10.17859.0).) -- C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com =>Hijacker.Hijacker.KeyFind
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com =>Hijacker.Hijacker.KeyFind
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com =>Hijacker.Hijacker.KeyFind
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com =>Hijacker.Hijacker.KeyFind
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\XTab\SupTab.dll =>PUP.SupTab
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{5347542D-5637-006A-76A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: YTD Video Downloader.lnk . (.GreenTree Applications SRL - YTD Video Downloader.) -- C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe =>PUP.GreenTreeApp
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [tdzmnrhfku] \B C:\ProgramData\tdzmnrhfku..vbs (.not file.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\splendid univers\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\splendid univers\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
O4 - HKCU\..\Run: [iLivid] C:\Users\splendid univers\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [tdzmnrhfku] \B C:\ProgramData\tdzmnrhfku..vbs (.not file.)
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [Viber] C:\Users\splendid univers\AppData\Local\Viber\Viber.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [WebcamMaxAutoRun] . (.CoolwareMax - WebcamMax.) -- C:\Program Files\WebcamMax\WebcamMax.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [ultracopier] . (.ultracopier.first-world.info - Supercopier under GPL3.) -- C:\Program Files\Supercopier\supercopier.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\splendid univers\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\splendid univers\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [iLivid] C:\Users\splendid univers\AppData\Local\iLivid\iLivid.exe (.not file.) =>Adware.Bandoo
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [tdzmnrhfku] \B C:\ProgramData\tdzmnrhfku..vbs (.not file.)
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-849525796-146659326-278252309-1000\..\Run: [Viber] C:\Users\splendid univers\AppData\Local\Viber\Viber.exe (.not file.)
~ Application: Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8488CC-19DC-40FE-B4D4-AC26B1D3EE80}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED8488CC-19DC-40FE-B4D4-AC26B1D3EE80}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED8488CC-19DC-40FE-B4D4-AC26B1D3EE80}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\splendid univers\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe =>Adware.Bandoo
O23 - Service: Flexlm Service 1 (Flexlm Service 1) . (.Acresso Software Inc. - Pas de description.) - C:\SIMULIA\License\lmgrd.exe
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: SettingsGuard (SettingsGuard) . (...) - C:\Users\splendid univers\AppData\Roaming\SettingsGuard\updater.exe
~ Services: 8 Legitimates Filtered in 00mn 03s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll (Not file) =>PUP.MoviesToolbar
~ Keys: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [251724b4-67d8-4ba7-bddc-fb697152dd97-1] (...) -- C:\Program Files\SuperPlusRadio v2.1\SuperPlusRadio v2.1-codedownloader.exe (.not file.) [0] =>PUP.SuperPlusRadio
[MD5.00000000000000000000000000000000] [APT] [251724b4-67d8-4ba7-bddc-fb697152dd97-4] (...) -- C:\Program Files\SuperPlusRadio v2.1\251724b4-67d8-4ba7-bddc-fb697152dd97-4.exe (.not file.) [0] =>PUP.SuperPlusRadio
[MD5.00000000000000000000000000000000] [APT] [251724b4-67d8-4ba7-bddc-fb697152dd97-6] (...) -- C:\Program Files\SuperPlusRadio v2.1\251724b4-67d8-4ba7-bddc-fb697152dd97-6.exe (.not file.) [0] =>PUP.SuperPlusRadio
[MD5.00000000000000000000000000000000] [APT] [251724b4-67d8-4ba7-bddc-fb697152dd97-7] (...) -- C:\Program Files\SuperPlusRadio v2.1\251724b4-67d8-4ba7-bddc-fb697152dd97-7.exe (.not file.) [0] =>PUP.SuperPlusRadio
[MD5.00000000000000000000000000000000] [APT] [DTReg] (...) -- C:\Users\splendid univers\AppData\Roaming\defaulttab\defaulttab\DTReg.exe (.not file.) [0] =>Adware.Bandoo
[MD5.00000000000000000000000000000000] [APT] [PC Performer Daily Check] (...) -- C:\Program Files\PC Performer\PSCheckUp.exe (.not file.) [0] =>PUP.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer Logon Scan] (...) -- C:\Program Files\PC Performer\PCPerformer.exe (.not file.) [0] =>PUP.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [PC Performer Scheduled Scan] (...) -- C:\Program Files\PC Performer\PCPerformer.exe (.not file.) [0] =>PUP.PCPerformer
[MD5.00000000000000000000000000000000] [APT] [{1775BE24-361D-40CC-8757-D599DC0A9386}] (...) -- H:\SetupOviPlayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6C76EADA-7E1D-4414-BF16-84B2993D3DEC}] (...) -- C:\Users\splendid univers\Desktop\Nokia_PC_Suite_ALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{876B662C-5DA7-44B8-B673-93736D495437}] (...) -- C:\Program Files\Avira\AntiVir Desktop\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D4DFC8DE-D0E7-43C5-85A4-30A04A97F528}] (...) -- C:\Users\splendid univers\Desktop\sonelgaz\avast\vpsupd4.exe (.not file.) [0]
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-1 - (...) -- C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-1.job [3132] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-1 - (...) -- C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-1 [3132] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-4 - (...) -- C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-4.job [4500] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-4 - (...) -- C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-4 [4500] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-6 - (...) -- C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-6.job [5524] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-6 - (...) -- C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-6 [5524] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-7 - (...) -- C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-7.job [5188] =>PUP.CrossRider
O39 - APT: 251724b4-67d8-4ba7-bddc-fb697152dd97-7 - (...) -- C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-7 [5188] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-849525796-146659326-278252309-1000Core [950]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-849525796-146659326-278252309-1000UA [972]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-849525796-146659326-278252309-1000Core [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-849525796-146659326-278252309-1000UA [1122]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 07s



---\\ Logiciels installés (O42)
O42 - Logiciel: SettingsGuard - (.SmartCyberTechnology.) [HKLM] -- SettingsGuardService
~ Logic: 2 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Default Tab] =>Adware.Bandoo
[HKCU\Software\DefaultTab] =>Adware.Bandoo
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKCU\Software\Popajar] =>Toolbar.Conduit
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SuperPlusRadio v2.1-nv] =>PUP.SuperPlusRadio
[HKCU\Software\SuperPlusRadio v2.1] =>PUP.SuperPlusRadio
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKLM\Software\Default Tab] =>Adware.Bandoo
[HKLM\Software\DefaultTab] =>Adware.Bandoo
[HKLM\Software\InstalledBrowserExtensions] =>PUP.BrowserExtensions
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SuperPlusRadio v2.1-nv] =>PUP.SuperPlusRadio
[HKLM\Software\SuperPlusRadio v2.1] =>PUP.SuperPlusRadio
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\WanDrv]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\tdzmnrhfku]
~ Key Software: 157 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/01/2015 - 17:56:21 - [0] ----D C:\Program Files\ccbb3e89-3a64-46b3-b29b-48d9bd2e46c5
O43 - CFD: 18/04/2015 - 14:02:39 - [] ----D C:\Program Files\CMAK
O43 - CFD: 17/04/2015 - 13:02:29 - [] ----D C:\Program Files\dlsecuretb
O43 - CFD: 03/08/2013 - 14:54:51 - [] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 22/02/2015 - 17:37:05 - [] ----D C:\Program Files\RelevantKnowledge =>Adware.RelevantKnowledge
O43 - CFD: 02/06/2014 - 21:40:01 - [0] ----D C:\Program Files\SiteLookup =>PUP.SiteLookup
O43 - CFD: 22/02/2015 - 17:37:04 - [] ----D C:\Program Files\SuperPlusRadio v2.1 =>PUP.SuperPlusRadio
O43 - CFD: 31/07/2013 - 11:35:59 - [] ----D C:\Program Files\Windows GT
O43 - CFD: 25/02/2015 - 21:33:56 - [] ----D C:\Program Files\XTab
O43 - CFD: 20/08/2013 - 22:01:08 - [] ----D C:\ProgramData\APN
O43 - CFD: 26/09/2013 - 20:10:14 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 27/01/2015 - 17:49:35 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 27/03/2010 - 13:18:48 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibilité
O43 - CFD: 27/03/2010 - 13:18:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dépannage
O43 - CFD: 27/03/2010 - 13:18:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Menu de connexion
O43 - CFD: 27/03/2010 - 13:18:48 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes Windows
O43 - CFD: 15/08/2014 - 16:07:27 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge =>Adware.RelevantKnowledge
O43 - CFD: 27/03/2010 - 13:18:48 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Réseau
O43 - CFD: 14/07/2009 - 09:46:52 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 31/07/2013 - 11:36:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools_GT
O43 - CFD: 31/07/2013 - 11:36:03 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows GT
O43 - CFD: 22/11/2013 - 21:49:07 - [] ----D C:\Users\splendid univers\AppData\Roaming\DamnVid
O43 - CFD: 22/11/2013 - 21:26:51 - [] ----D C:\Users\splendid univers\AppData\Roaming\defaulttab =>Adware.Bandoo
O43 - CFD: 25/02/2015 - 21:26:29 - [] ----D C:\Users\splendid univers\AppData\Roaming\key-find =>Hijacker.Hijacker.KeyFind
O43 - CFD: 01/02/2014 - 22:44:23 - [] ----D C:\Users\splendid univers\AppData\Roaming\Movdap =>Adware.WebCake
O43 - CFD: 12/03/2015 - 21:49:02 - [] ----D C:\Users\splendid univers\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 29/10/2014 - 12:29:35 - [] ----D C:\Users\splendid univers\AppData\Roaming\RHEng =>PUP.Conduit
O43 - CFD: 03/04/2015 - 13:01:04 - [] ----D C:\Users\splendid univers\AppData\Roaming\SettingsGuard
O43 - CFD: 02/06/2014 - 21:39:40 - [0] ----D C:\Users\splendid univers\AppData\Roaming\SimilarSites
O43 - CFD: 03/04/2015 - 13:03:40 - [] ----D C:\Users\splendid univers\AppData\Roaming\UnknownFile
O43 - CFD: 03/04/2015 - 13:06:08 - [] ----D C:\Users\splendid univers\AppData\Local\CodecPerformer =>PUP.CodecPerformer
~ Program Folder: 217 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 05/04/2015 - 21:37:58 ---A- . (...) -- C:\Windows\NeroDigital.ini [69]
O44 - LFC:[MD5.72AA643C526DDB882B7DA9394947DF16] - 18/04/2015 - 14:02:31 ---A- . (...) -- C:\Windows\System32\termcap [862]
O44 - LFC:[MD5.5B8CF8F0C336068D2C118FD94BE6C30E] - 18/04/2015 - 14:03:33 ---A- . (...) -- C:\Windows\iis7.log [40616]
~ Files: 13 Legitimates Filtered in 00mn 04s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export DP - "C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpid.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpid.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpirun.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpirun.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpidiag.exe" [Enabled] .(...) -- C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpidiag.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpisrvutil.exe" [Enabled] .(...) -- C:\Program Files\Hewlett-Packard\HP-MPI\bin\mpisrvutil.exe (.not file.)
~ Keys Export: 4 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe =>Trojan.Staser
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe =>PUP.JumpFlip
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{54a1cd2a-5209-11e3-9ae2-4cedde702382}\AutoRun\command. (...) -- G:\NokiaPCIA_Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [691696]
O58 - SDL:14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 70 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/04/2015 - 18:31:47 ---A- . (...) -- C:\Users\splendid univers\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.90\42.0.2311.90_41.0.2272.118_chrome_updater.exe [11017296]
O61 - LFC: 14/04/2015 - 18:31:48 ---A- . (...) -- C:\Users\splendid univers\AppData\Local\Google\Update\Install\{F41FCCB1-C470-43D5-8EA3-A7F2B9332210}\42.0.2311.90_41.0.2272.118_chrome_updater.exe [11017296]
O61 - LFC: 19/04/2015 - 18:31:47 ---A- . (...) -- C:\Users\splendid univers\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
O61 - LFC: 19/04/2015 - 18:31:55 ---A- . (.Search Results, LLC.) -- C:\Users\splendid univers\AppData\Roaming\defaulttab\defaulttab\update.exe [1139288] =>PUP.SearchResults
~ 2271 Fichiers temporaires (Temporary files)
~ 253 Fichiers cookies (Cookies files)
~ Files: 26 Legitimates Filtered in 00mn 19s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 13/12/1745 - C:\Windows\System32\Drivers\sptd.sys (sptd) .(...) - LEGACY_SPTD
~ Legacy: 136 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\splendid univers\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.key-find.com =>Hijacker.Hijacker.KeyFind
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (e) - http://www.key-find.com =>Hijacker.Hijacker.KeyFind
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (key-find) - http://www.key-find.com =>Hijacker.Hijacker.KeyFind
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search The Web) - http://www.key-find.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {A7ED8872-6AE9-41A6-B229-E2052E85C8A4} - (Search Here) - http://www.key-find.com =>Hijacker.Hijacker.KeyFind
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.key-find.com =>Hijacker.Hijacker.KeyFind
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Windows.old\Program Files\Internet Download Manager\Keygenerator.exe =>.Crack,Keygen
C:\Windows.old\Program Files\Internet Download Manager\Keygenerator.exe =>.Crack,Keygen
~ Files: Scanned in 10mn 54s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.C25A17D3E58F3C9309C224C63C7041AC] [SPRF][19/08/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][09/11/2013] (.Facebook Inc. - Setup.) -- C:\Users\splendid univers\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
[MD5.0F3E1965DDD14DADB4E72F1F53D71203] [SPRF][05/08/2010] (.Pas de propriétaire - TuDomino Solitario.) -- C:\Users\splendid univers\Desktop\tudomino_solitario.exe [4620520]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub1_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\ApnStub1_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\DefaultTabSearch_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\DefaultTabSearch_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\Feb16_cor_key-find_RASAPI32 =>Hijacker.Hijacker.KeyFind
HKLM\SOFTWARE\Microsoft\Tracing\Feb16_cor_key-find_RASMANCS =>Hijacker.Hijacker.KeyFind
HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup-r2235-n-bf_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup-r2235-n-bf_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup-r362-n-bf_RASAPI32 =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup-r362-n-bf_RASMANCS =>Adware.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_SGT__RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\Offercast2802_SGT__RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\Offercast29_SGT__RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\Offercast29_SGT__RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASAPI32 =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\PCPerformer_RASMANCS =>PUP.PerformerSoft
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectionStub_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectionStub_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32 =>PUP.Datamngr
HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS =>PUP.Datamngr
HKLM\SOFTWARE\Microsoft\Tracing\smileyswelove_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Microsoft\Tracing\smileyswelove_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Microsoft\Tracing\SmileysWeLove_SetupS_cdn_RASAPI32 =>Adware.SmileyBar
HKLM\SOFTWARE\Microsoft\Tracing\SmileysWeLove_SetupS_cdn_RASMANCS =>Adware.SmileyBar
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_damnvid_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_damnvid_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_nokia-suite_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_nokia-suite_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\webcake0710-0E58_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Microsoft\Tracing\webcake0710-0E58_RASMANCS =>Adware.WebCake
HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS =>Adware.WebCake
~ BTK: 398 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/04/2015 268464 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/04/2015 148080 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 31/03/2015 868352 | (SettingsGuard) . (...) - C:\Users\splendid univers\AppData\Roaming\SettingsGuard\updater.exe
SS - | Auto 02/01/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Disabled 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/11/2013 107520 | (DefaultTabUpdate) . (...) - C:\Users\splendid univers\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe =>Adware.Bandoo
SR - | Auto 10/04/2008 1392016 | (Flexlm Service 1) . (.Acresso Software Inc..) - C:\SIMULIA\License\lmgrd.exe
SR - | Auto 16/01/2015 158896 | (IHProtect Service) . (.XTab system.) - C:\Program Files\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 08/06/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 24/06/2008 537896 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 05/05/2008 4493312 | (Texis Monitor) . (.Expansion Programs International, Inc..) - C:\SIMULIA\Documentation\monitor.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 17s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by splendid univers at 19/04/2015 18:43:27
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spjb.sys halmacpi.dll >>UNKNOWN [0x84F60938]<<
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
System32\Drivers\spjb.sys
1 ntkrnlpa!IofCallDriver[0x82E5A458] >> \Device\Harddisk0\DR0[0x87C49530]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by splendid univers at 19/04/2015 18:43:29
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [691696]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (17/04/2015)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 17
Fichiers trouvés (Files found) : 25

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate] =>Adware.Bandoo^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] =>PUP.ToolbarCleaner
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}] =>Spyware.Soft2PC
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\default tab] =>Adware.IMBooster
[HKLM\Software\default tab] =>Adware.IMBooster
[HKCU\Software\defaulttab] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\defaulttab] =>Adware.IMBooster
[HKLM\Software\defaulttab] =>Adware.IMBooster
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Microsoft\Tracing\WebCakeDesktop_RASAPI32] =>Adware.WebCake
[HKLM\Software\Microsoft\Tracing\WebCakeDesktop_RASMANCS] =>Adware.WebCake
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622792277}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611791177}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^
C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\extensions\faststartff@gmail.com =>PUP.FastStart^
C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\extensions\fftoolbar2014@etech.com =>Adware.FFToolBar^
C:\Users\splendid univers\AppData\Roaming\Mozilla\Firefox\Profiles\azynzyii.default\extensions\searchengine@gmail.com =>PUP.SearchEngine^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\RelevantKnowledge =>Adware.RelevantKnowledge^
C:\Program Files\SiteLookup =>PUP.SiteLookup^
C:\Program Files\SuperPlusRadio v2.1 =>PUP.SuperPlusRadio^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge =>Adware.RelevantKnowledge^
C:\Users\splendid univers\AppData\Roaming\defaulttab =>Adware.Bandoo^
C:\Users\splendid univers\AppData\Roaming\key-find =>Hijacker.Hijacker.KeyFind^
C:\Users\splendid univers\AppData\Roaming\Movdap =>Adware.WebCake^
C:\Users\splendid univers\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\splendid univers\AppData\Roaming\RHEng =>PUP.Conduit^
C:\Users\splendid univers\AppData\Local\CodecPerformer =>PUP.CodecPerformer^
C:\Program Files\GamingWonderlandEI =>Adware.MyWebSearch
C:\Users\splendid univers\AppData\Roaming\SimilarSites =>Adware.SimilarSites
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow^
C:\Program Files\XTab\cmdshell.exe =>PUP.SearchProtect^
C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-1 =>PUP.CrossRider^
C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-4 =>PUP.CrossRider^
C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-6 =>PUP.CrossRider^
C:\Windows\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\251724b4-67d8-4ba7-bddc-fb697152dd97-7 =>PUP.CrossRider^
[HKCU\Software\Default Tab] =>Adware.Bandoo^
[HKCU\Software\DefaultTab] =>Adware.Bandoo^
[HKCU\Software\Popajar] =>Toolbar.Conduit^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\SmileysWeLove] =>Adware.SmileyBar^
[HKCU\Software\SuperPlusRadio v2.1-nv] =>PUP.SuperPlusRadio^
[HKCU\Software\SuperPlusRadio v2.1] =>PUP.SuperPlusRadio^
[HKCU\Software\iLivid] =>Adware.Bandoo^
[HKLM\Software\Default Tab] =>Adware.Bandoo^
[HKLM\Software\DefaultTab] =>Adware.Bandoo^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\SuperPlusRadio v2.1-nv] =>PUP.SuperPlusRadio^
[HKLM\Software\SuperPlusRadio v2.1] =>PUP.SuperPlusRadio^
[HKLM\Software\supTab] =>PUP.SupTab^
~ Additionnel Scan: 266690 Items scanned in 00mn 37s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/pua-startshow =>PUA.StartShow
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/blog/ =>Hijacker.Hijacker.KeyFind
http://www.nicolascoolman.fr/blog/ =>PUP.FastStart
http://www.nicolascoolman.fr/blog/ =>Adware.FFToolBar
http://www.nicolascoolman.fr/blog/ =>PUP.SearchEngine
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>PUP.GreenTreeApp
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://nicolascoolman.fr/pup-moviestoolbar =>PUP.MoviesToolbar
http://www.nicolascoolman.fr/blog/ =>PUP.SuperPlusRadio
http://www.nicolascoolman.fr/blog/ =>PUP.PCPerformer
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://www.nicolascoolman.fr/blog/ =>PUP.BrowserExtensions
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/adware-smileybar =>Adware.SmileyBar
http://nicolascoolman.fr/adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://nicolascoolman.fr/adware-relevantknowledge =>Adware.RelevantKnowledge
http://www.nicolascoolman.fr/blog/ =>PUP.SiteLookup
http://nicolascoolman.fr/adware-webcake =>Adware.WebCake
http://nicolascoolman.fr/adware-opencandy =>Adware.OpenCandy
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://www.nicolascoolman.fr/blog/ =>PUP.CodecPerformer
http://nicolascoolman.fr/pup-bitguard =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/spyware-protectedsearch =>Spyware.ProtectedSearch
http://nicolascoolman.fr/adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/pup-jumpflip =>PUP.JumpFlip
http://nicolascoolman.fr/pup-searchresults =>PUP.SearchResults
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.PerformerSoft
http://nicolascoolman.fr/pup-datamngr =>PUP.Datamngr
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/pup-toolbarcleaner =>PUP.ToolbarCleaner
http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent
http://nicolascoolman.fr/spyware-soft2pc =>Spyware.Soft2PC
http://nicolascoolman.fr/adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 46 link(s) detected in 00mn 00s



~ 887 Legitimates filtered by white list
End of the scan (778 lines in 13mn 13s)(2.2)
