
~ Rapport de ZHPDiag v2015.5.8.47 - Nicolas Coolman (05/05/2015)
~ Lancé par DJENABOU (09/05/2015 16:41:31)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17728
GCIE: Google Chrome v42.0.2311.135 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : KBRWQ
Windows License : OK
~ Windows Remaining Initializations Number : 997
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
Windows 8.1, 64-bit (Build 9600)

---\\ Logiciels de protection du système
Windows Defender W8 (Activate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader 9.2 Lite

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3992 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 203 GB (46%) free of 437 GB

---\\ Mode de connexion au système
~ Computer Name: PC-AW
~ User Name: DJENABOU
~ All Users Names: DJENABOU_2, DJENABOU, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\DJENABOU\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DJENABOU\AppData\Roaming\
~ %Desktop% : C:\Users\DJENABOU\Desktop\
~ %Favorites% : C:\Users\DJENABOU\Favorites\
~ %LocalAppData% : C:\Users\DJENABOU\AppData\Local\
~ %StartMenu% : C:\Users\DJENABOU\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 203 Go of 437 Go)
D: Hard drive, Flash drive, Thumb drive (Free 11 Go of 11 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.C10A66189DC8C090E7C84873EDCEBC88] - (.Microsoft Corporation - Explorateur Windows.) (.28/01/2015 - 00:47:12.) -- C:\Windows\Explorer.exe [2501368]
[MD5.A570A64292214C43E0BA50E6A72A6380] - (.Microsoft Corporation - Application de démarrage de Windows.) (.29/10/2014 - 02:25:54.) -- C:\Windows\System32\Wininit.exe [145920]
[MD5.77B35D0FC22A2D2EAC8D07C3F9784DBF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/03/2015 - 03:45:57.) -- C:\Windows\System32\wininet.dll [2358784]
[MD5.EC498BAE1F0D3E0E401C963F8D76C437] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.29/10/2014 - 02:22:52.) -- C:\Windows\System32\Winlogon.exe [572416]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 10:54:52.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.30/05/2014 - 04:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.D4B7ED39C7900384D9E5C1283F1E7926] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.24/07/2014 - 12:45:39.) -- C:\Windows\system32\Drivers\HDAudBus.sys [76800]
[MD5.49EE0AE9E5B64FFBBD06D55C4984B598] - (.Microsoft Corporation - Pilote de port i8042.) (.04/11/2014 - 07:54:54.) -- C:\Windows\system32\Drivers\i8042prt.sys [108544]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 10:54:55.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.31233271EDE50D1BBB220F78AFA60486] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.08/10/2014 - 08:32:10.) -- C:\Windows\system32\Drivers\MRxSmb.sys [405504]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.7F68063A5A0461E02BC860CE0E6BFDDC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.15/10/2014 - 09:32:37.) -- C:\Windows\system32\Drivers\ntfs.sys [2025792]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.1BD3022FD6E450B00DE560265638FD2A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.08/11/2014 - 04:58:31.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [112640]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 10:37:57.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.64CA2B4A49A8EAF495E435623ECCE7DB] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/06/2014 - 03:13:36.) -- C:\Windows\system32\Drivers\volsnap.sys [310080]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/1548
~ Mon Bureau (My Desktop) : 5/61748
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 01mn 37s



---\\ Processus lancés
[MD5.AAADB99511FB994A44429FFAEB2E86CE] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe [368000] [PID.2792] =>PUP.Elex
[MD5.14E453FFBFD889F47CEA4EEA0BF00E24] - (.Client Connect LTD - Search Protect.) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe [6176016] [PID.3400] =>PUP.SearchProtect
[MD5.89A3DBB0B4B278A1F6193348B875C091] - (.Client Connect LTD - Search Protect.) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe [3722512] [PID.3712] =>PUP.SearchProtect
[MD5.189E2BF9EE10DE457959264E6F76096B] - (...) -- C:\Program Files (x86)\Search Extensions\Client.exe [2591232] [PID.1932] =>PUP.RocketTab
[MD5.85778366674083C3070834AE7A917214] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224] [PID.892]
[MD5.7EDA1D46618C2F5801E4A47D80AE89ED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872] [PID.4776]
[MD5.A75AE3B84B6423CE6A088E80A2BC23C2] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256] [PID.5128]
[MD5.511E24EB9506E4740D71409F3FB13BC3] - (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456] [PID.5236] =>PUP.YTDownloader
[MD5.73FCAA8154F8FD71E71E7DC52A1BAF2A] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192] [PID.5576]
[MD5.E80335157A225AD734865ADF1F929FFB] - (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696] [PID.5592]
[MD5.F13DD392496A2EE4A868F14F437B8049] - (.YTDownloader - YTDownloader helper.) -- C:\Program Files (x86)\YTDownloader\DownloadHelper.exe [385896] [PID.2192] =>PUP.YTDownloader
[MD5.2727208EA26F6B6DA898AB6890417214] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.5324]
[MD5.E0B386E7D36BC2459174EB251B9F7C2F] - (...) -- C:\Users\DJENABOU\AppData\Local\avaxvyyvyf\avaxvyyvyf.exe [2557952] [PID.0] =>Adware.Pirrit
[MD5.1E48B2E7173162BFD1202B4EF48A04DE] - (...) -- C:\Users\DJENABOU\AppData\Local\avaxvavya\avaxvavya.exe [2545664] [PID.0] =>PUP.SearchProtect
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\DJENABOU\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 07s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [DJENABOU - vdzFJpzy.default\abs@avira.com] [] Avira Browser Safety v1.4.0 (..)
M2 - MFEP: Extension [DJENABOU - vdzFJpzy.default] abs@avira.com
~ Firefox Browser: 8 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com =>Hijacker.TroviCom
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Hijacker.DeltaHomes
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>PUP.Istart
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>PUP.Istart
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com =>Hijacker.DeltaHomes
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com =>PUP.Istart
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49270;https=127.0.0.1:49270 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\XTab\SupTab.dll =>PUP.SupTab
~ BHO: 9 Legitimates Filtered in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [DJENABOU]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>PUP.Istart
O4 - GS\QuickLaunch [DJENABOU]: StormFall.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>Adware.StormFall
O4 - GS\TaskBar [DJENABOU]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>PUP.Istart
O4 - GS\Program [DJENABOU]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>PUP.Istart
O4 - GS\Desktop [DJENABOU]: StormFall.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>Adware.StormFall
O4 - GS\Desktop [DJENABOU]: YTDownloader.lnk . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
~ Global Startup: 9 Legitimates Filtered in 00mn 56s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [DJENABOU]: MyPC Backup.lnk . (...) -- C:\Program Files (x86)\OLBPre\OLBPre.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\DJENABOU\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WindApp] C:\Users\DJENABOU\AppData\Roaming\Store\WindApp\WindApp.exe (.not file.) =>PUP.Nosibay
O4 - HKCU\..\Run: [Selection Tools] C:\Users\DJENABOU\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (.not file.) =>PUP.Nosibay
O4 - HKCU\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKCU\..\RunOnce: [{90120000-006E-040C-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKCU\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKLM\..\Wow6432Node\Run: [OfferBoulevard] C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [HPMessageService] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe =>.VMware, Inc
O4 - HKUS\.DEFAULT\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\DJENABOU\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\Run: [WindApp] C:\Users\DJENABOU\AppData\Roaming\Store\WindApp\WindApp.exe (.not file.) =>PUP.Nosibay
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\Run: [Selection Tools] C:\Users\DJENABOU\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe (.not file.) =>PUP.Nosibay
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\Run: [YTDownloader] . (.YTDownloader - YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\RunOnce: [{90120000-006E-040C-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-981081113-229050636-246977418-1001\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Skype Click to Call settings [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{078A88BB-6EE4-4C55-8142-66E1CBF1DB09}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{078A88BB-6EE4-4C55-8142-66E1CBF1DB09}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{078A88BB-6EE4-4C55-8142-66E1CBF1DB09}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{078A88BB-6EE4-4C55-8142-66E1CBF1DB09}: DhcpDomain = lan
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Client Connect LTD - Search Protect.) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll =>PUP.SearchProtect
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect Service (CltMngSvc) . (.Client Connect LTD - Search Protect.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
O23 - Service: IHProtect Service (IHProtect Service) . (.XTab system - ProtectSvc.exe.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) . (.SysTool PasSame LIMITED - Windows SysTool Svr.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - dsk service.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
~ Services: 19 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
[MD5.A2A78C3C6C9E03733B0668079710FFF4] [APT] [avaavaevy] (...) -- C:\Users\DJENABOU\AppData\Local\avaavaevy\avaavaevy.exe [2135552] =>PUP.SearchProtect
[MD5.CED18C00311FAB6557DAA7BFE9E3BA12] [APT] [avaavxvyex] (...) -- C:\Users\DJENABOU\AppData\Local\avaavxvyex\avaavxvyex.exe [2135552] =>Adware.Pirrit
[MD5.0516EC9A60AD9735C0FBA7702C0348C2] [APT] [avabvyxvdy] (...) -- C:\Users\DJENABOU\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2135552] =>Adware.Pirrit
[MD5.1E48B2E7173162BFD1202B4EF48A04DE] [APT] [avaxvavya] (...) -- C:\Users\DJENABOU\AppData\Local\avaxvavya\avaxvavya.exe [2545664] =>PUP.SearchProtect
[MD5.E0B386E7D36BC2459174EB251B9F7C2F] [APT] [avaxvyyvyf] (...) -- C:\Users\DJENABOU\AppData\Local\avaxvyyvyf\avaxvyyvyf.exe [2557952] =>Adware.Pirrit
[MD5.A0BB20D973618C5A4D8F5B768114672F] [APT] [avayvaxvaa] (...) -- C:\Users\DJENABOU\AppData\Local\avayvaxvaa\avayvaxvaa.exe [2132992] =>Adware.Pirrit
[MD5.BB17BCF355B790BF81670C0CA87BA2EC] [APT] [avayvaxxvae] (...) -- C:\Users\DJENABOU\AppData\Local\avayvaxxvae\avayvaxxvae.exe [2136064] =>Adware.Pirrit
[MD5.0C933868B86589BCF344E115E25A23DF] [APT] [avayvxvaxc] (...) -- C:\Users\DJENABOU\AppData\Local\avayvxvaxc\avayvxvaxc.exe [2562048] =>Adware.Pirrit
[MD5.79780A03DECE16955A823E5A2D92B7FC] [APT] [LaunchPreSignup] (...) -- C:\Program Files (x86)\OLBPre\OLBPre.exe [1283584] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [PostPoneInstall] (...) -- C:\Users\DJENABOU\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (.not file.) [0]
[MD5.189E2BF9EE10DE457959264E6F76096B] [APT] [RocketTab] (...) -- C:\Program Files (x86)\Search Extensions\Client.exe [2591232] =>PUP.RocketTab
[MD5.8C55A553B9DBEF325BA1667826A9521B] [APT] [RocketTab Update Task] (...) -- C:\Program Files (x86)\Search Extensions\uninstall.exe [6850560] =>PUP.RocketTab
[MD5.C387A73359542AAB558445AED3D951FB] [APT] [RunTool] (...) -- C:\Users\DJENABOU\AppData\Local\efe3728e-2035-4c56-8080-cb078d1d52e8\sysad.exe [701952]
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\DJENABOU\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) [0] =>PUP.BoBrowser
[MD5.511E24EB9506E4740D71409F3FB13BC3] [APT] [YTDownloader] (.YTDownloader.) -- C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456] =>PUP.YTDownloader
[MD5.C018D3590861610C21DD67081426B42E] [APT] [YTDownloaderUpd] (.Goobzo.) -- C:\Program Files (x86)\YTDownloader\updater.exe [748392] =>PUP.YTDownloader
[MD5.1087BE1ED3E4CF8BAC3DFB8BCF76FACF] [APT] [{1BD87E01-D0DF-47CB-B732-0F9FF4724818}] (.Skytech Co., Ltd..) -- C:\Users\DJENABOU\AppData\Roaming\webssearches\UninstallManager.exe [1891840] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{C8E6D608-73EB-46C4-BBAD-E50138C765DF}] (...) -- C:\Program Files (x86)\Cyti Web\CytiWebUn.exe (.not file.) [0] =>PUP.CytiWeb
[MD5.00000000000000000000000000000000] [APT] [{ECE1F61D-2390-48C3-A7E1-52EDCF2B9E9B}] (...) -- C:\Users\DJENABOU\AppData\Roaming\Nosibay\Bubble Dock\Uninstall Bubble Dock.exe (.not file.) [0] =>PUP.BubbleDock
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-981081113-229050636-246977418-1001Core [930]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-981081113-229050636-246977418-1001UA [952]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForDJENABOU [356]
~ Scheduled Task: 40 Legitimates Filtered in 00mn 21s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlMon) . (.Elex do Brasil Participações Ltda - YAC Monitor Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys =>PUP.Elex
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys =>PUP.Elex
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys =>PUP.Elex
O41 - Driver: (MpKsl96390bff) . (. - .) - C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{29490CB2-28AD-4D7A-93C8-89EBEEAC5782}\MpKsl96390bff.sys (.not file.)
O41 - Driver: ({20915d52-1148-4fc2-8788-129eeb5e27dd}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{20915d52-1148-4fc2-8788-129eeb5e27dd}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({4622aef0-e33e-4e1f-9b62-ca3f18b46b25}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({921265c3-88e5-40e1-8d74-df5314572900}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 56 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- OLBPre =>PUP.MyPCBackup
O42 - Logiciel: RocketTab - (.RocketTab.) [HKLM][64Bits] -- RocketTab =>PUP.RocketTab
O42 - Logiciel: Search Protect - (.Client Connect LTD.) [HKLM][64Bits] -- SearchProtect =>PUP.SearchProtect
O42 - Logiciel: Setup Support for SearchProtect - (.Sono Control Inc..) [HKLM][64Bits] -- Setup Support for SearchProtect =>PUP.SearchProtect
O42 - Logiciel: YAC(Yet Another Cleaner!) - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] -- iSafe =>PUP.Elex
O42 - Logiciel: YTDownloader - (.YTDownloader.) [HKLM][64Bits] -- YTDownloader =>PUP.YTDownloader
O42 - Logiciel: webssearches uninstall - (.webssearches.) [HKLM][64Bits] -- webssearches uninstall =>Hijacker.WebsSearches
~ Logic: 45 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\BoBrowser] =>PUP.BoBrowser
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Clubic]
[HKCU\Software\Coinis]
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKCU\Software\Kromtech]
[HKCU\Software\OB]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKCU\Software\RocketTabInstalled] =>PUP.RocketTab
[HKCU\Software\Search Extensions] =>PUP.RocketTab
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Store] =>PUP.Nosibay
[HKCU\Software\V9]
[HKCU\Software\WTools] =>PUP.Nosibay
[HKCU\Software\WajIEnhance] =>PUP.Wajam
[HKCU\Software\Wajam] =>PUP.Wajam
[HKCU\Software\YTDownloader] =>PUP.YTDownloader
[HKCU\Software\rttasks]
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.AskBar
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Clara]
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex
[HKLM\Software\Wow6432Node\IVTCHECKUPDATE]
[HKLM\Software\Wow6432Node\IVTUPDATE]
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp
[HKLM\Software\Wow6432Node\SpeedBit]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\ba34eeed-d225-dcf1-879d-45f6afe2917d] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\YTDownloader] =>PUP.YTDownloader
~ Key Software: 326 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/01/2015 - 22:11:08 - [] ----D C:\Program Files (x86)\Cyti Web =>PUP.CytiWeb
O43 - CFD: 05/05/2015 - 19:17:16 - [] ----D C:\Program Files (x86)\Elex-tech =>PUP.Elex
O43 - CFD: 08/05/2015 - 21:58:33 - [] ----D C:\Program Files (x86)\OLBPre =>PUP.MyPCBackup
O43 - CFD: 05/05/2015 - 20:56:33 - [] ----D C:\Program Files (x86)\Search Extensions =>PUP.RocketTab
O43 - CFD: 07/11/2014 - 17:39:00 - [] ----D C:\Program Files (x86)\swipl
O43 - CFD: 20/03/2015 - 11:45:13 - [] ----D C:\Program Files (x86)\XTab
O43 - CFD: 14/01/2015 - 23:30:03 - [] ----D C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader
O43 - CFD: 23/04/2015 - 14:27:40 - [0] ----D C:\ProgramData\6f2b082e000070f7
O43 - CFD: 09/05/2015 - 16:10:47 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 05/05/2015 - 17:18:30 - [0] ----D C:\ProgramData\f130838300003823
O43 - CFD: 20/03/2015 - 11:44:33 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 29/04/2014 - 18:21:49 - [] ----D C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
O43 - CFD: 23/01/2015 - 19:35:23 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
O43 - CFD: 23/01/2015 - 19:34:19 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
O43 - CFD: 23/01/2015 - 19:38:16 - [] R---D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
O43 - CFD: 18/03/2014 - 11:38:02 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 08/12/2014 - 10:40:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Paradigm
O43 - CFD: 21/04/2015 - 23:47:53 - [] ----D C:\Users\DJENABOU\AppData\Roaming\0C1F1L1G1L1B
O43 - CFD: 15/04/2015 - 11:13:44 - [] ----D C:\Users\DJENABOU\AppData\Roaming\0C1I2Y1S1L1R
O43 - CFD: 05/05/2015 - 19:17:15 - [] ----D C:\Users\DJENABOU\AppData\Roaming\Elex-tech =>PUP.Elex
O43 - CFD: 06/03/2015 - 15:48:51 - [] ----D C:\Users\DJENABOU\AppData\Roaming\imo.im
O43 - CFD: 25/01/2015 - 11:58:13 - [0] ----D C:\Users\DJENABOU\AppData\Roaming\Store =>PUP.Nosibay
O43 - CFD: 08/12/2014 - 10:56:31 - [] ----D C:\Users\DJENABOU\AppData\Roaming\VisualParadigm
O43 - CFD: 25/01/2015 - 11:55:16 - [] ----D C:\Users\DJENABOU\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 23/01/2015 - 19:46:01 - [] ----D C:\Users\DJENABOU\AppData\Roaming\webssearches =>Hijacker.WebsSearches
O43 - CFD: 20/01/2015 - 22:08:46 - [0] ----D C:\Users\DJENABOU\AppData\Roaming\WTools =>PUP.Nosibay
O43 - CFD: 20/04/2015 - 09:22:30 - [] ----D C:\Users\DJENABOU\AppData\Local\avaavaevy =>PUP.SearchProtect
O43 - CFD: 25/03/2015 - 14:33:14 - [] ----D C:\Users\DJENABOU\AppData\Local\avaavxvyex =>PUP.SearchProtect
O43 - CFD: 09/05/2015 - 10:37:46 - [] ----D C:\Users\DJENABOU\AppData\Local\avabvyxvdy
O43 - CFD: 10/02/2015 - 17:29:19 - [] ----D C:\Users\DJENABOU\AppData\Local\avaxvavya =>PUP.SearchProtect
O43 - CFD: 11/02/2015 - 10:27:39 - [] ----D C:\Users\DJENABOU\AppData\Local\avaxvyyvyf =>PUP.SearchProtect
O43 - CFD: 27/02/2015 - 20:56:04 - [] ----D C:\Users\DJENABOU\AppData\Local\avayvaxvaa =>PUP.SearchProtect
O43 - CFD: 25/03/2015 - 14:33:12 - [] ----D C:\Users\DJENABOU\AppData\Local\avayvaxxvae =>PUP.SearchProtect
O43 - CFD: 20/02/2015 - 13:27:11 - [] ----D C:\Users\DJENABOU\AppData\Local\avayvxvaxc =>PUP.SearchProtect
O43 - CFD: 04/03/2015 - 23:05:47 - [] ----D C:\Users\DJENABOU\AppData\Local\BoBrowser =>PUP.BoBrowser
O43 - CFD: 16/01/2015 - 11:30:59 - [] ----D C:\Users\DJENABOU\AppData\Local\Boxore =>Adware.Boxore
O43 - CFD: 21/01/2015 - 18:18:20 - [] ----D C:\Users\DJENABOU\AppData\Local\CrossBrowser =>PUP.CrossBrowser
O43 - CFD: 21/01/2015 - 18:27:10 - [] ----D C:\Users\DJENABOU\AppData\Local\efe3728e-2035-4c56-8080-cb078d1d52e8
O43 - CFD: 12/12/2014 - 18:00:03 - [] -SH-D C:\Users\DJENABOU\AppData\Local\EmieBrowserModeList
O43 - CFD: 25/01/2015 - 11:55:20 - [] ----D C:\Users\DJENABOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O43 - CFD: 14/01/2015 - 23:30:04 - [] ----D C:\Users\DJENABOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader =>PUP.YTDownloader
~ Program Folder: 223 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0B947F36633EDE5821BD0EB45D931736] - 04/05/2015 - 10:21:09 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O44 - LFC:[MD5.9FB02FBA90F6AF59537A30C3DB9777C8] - 05/05/2015 - 18:17:22 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O44 - LFC:[MD5.B70EA6B00FD1D52C3CE78B82C53C3524] - 09/05/2015 - 15:21:38 ---A- . (...) -- C:\Windows\wininit.ini [72772]
~ Files: 13 Legitimates Filtered in 00mn 37s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.592E0CA9DC0F2FE55A390BAB7E85B94E] - 20/01/2015 - 19:56:50 ---A- - C:\Windows\Prefetch\BUBBLE DOCK.EXE-2DF77CBE.pf =>PUP.BubbleDock
O45 - LFCP:[MD5.0C7F113200CE4A73124BB2AD76EEB7A8] - 21/01/2015 - 17:18:02 ---A- - C:\Windows\Prefetch\CROSSBROWSER.EXE-ED93FD01.pf =>PUP.CrossBrowser
O45 - LFCP:[MD5.296E2E041117906631ECF59129EA1868] - 09/05/2015 - 15:15:00 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-91550E03.pf =>Trojan.Staser
O45 - LFCP:[MD5.A2B5EF9AC41935B8E0AA9FC1FBE23BF1] - 09/05/2015 - 15:15:53 ---A- - C:\Windows\Prefetch\OLBPRE.EXE-5FD45ACB.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.58124E79DFDC8167676BD8F877CF34B7] - 23/01/2015 - 18:43:49 ---A- - C:\Windows\Prefetch\S6RE-MARKABLEZ42.EXE-2FCAF60E.pf =>PUP.Re-Markable
O45 - LFCP:[MD5.26B1BE577D6264B8BA5DD8F32A968F86] - 25/01/2015 - 10:55:32 ---A- - C:\Windows\Prefetch\SEARCHPROTECT_110514085255.EX-E15C46E3.pf =>PUP.SearchProtect
O45 - LFCP:[MD5.0A350E39310972299E2F059C07609AB5] - 20/01/2015 - 21:05:32 ---A- - C:\Windows\Prefetch\SELECTION TOOLS UNINSTALL.EXE-334A94C3.pf =>PUP.Nosibay
O45 - LFCP:[MD5.90944A5C4034D41C3958372554F8449D] - 09/05/2015 - 15:15:40 ---A- - C:\Windows\Prefetch\YTDOWNLOADER.EXE-DC808E8B.pf =>PUP.YTDownloader
~ Prefetcher: 8 Legitimates Filtered in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bbqleads.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - bbqleadsapplication.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - bbqleadsservice.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - bbqquotes.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - ContentExplorer.exe - TaskList.exe =>PUP.ContentExplorer
O50 - IFEO:Image File Execution Options - donutleads.exe - TaskList.exe =>PUP.DonutQuotes
O50 - IFEO:Image File Execution Options - donutquotes.exe - TaskList.exe =>PUP.DonutQuotes
O50 - IFEO:Image File Execution Options - internetenhancer.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - internetenhancerservice.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - pastaleads.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - pastaquotes.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - theanswerfinder.exe - TaskList.exe
O50 - IFEO:Image File Execution Options - wajaminternetenhancer.exe - TaskList.exe =>PUP.Wajam
O50 - IFEO:Image File Execution Options - WajamInternetEnhancerApp.exe - TaskList.exe =>PUP.Wajam
O50 - IFEO:Image File Execution Options - WajamInternetEnhancerAppservice.exe - TaskList.exe =>PUP.Wajam
O50 - IFEO:Image File Execution Options - wajaminternetenhancerservice.exe - TaskList.exe =>PUP.Wajam
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{79dc8c74-a189-11e4-8296-3464a976279a}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "SafeModeBlockNonAdmins"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:04/05/2015 - 10:21:09 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [53568] =>PUP.Elex
O58 - SDL:17/04/2015 - 03:43:55 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys [52392] =>PUP.Elex
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:20/01/2015 - 08:39:38 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{20915d52-1148-4fc2-8788-129eeb5e27dd}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:22/01/2015 - 12:51:48 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{4622aef0-e33e-4e1f-9b62-ca3f18b46b25}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:14/01/2015 - 09:36:40 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys [48784] =>PUP.LinkiDoo
O58 - SDL:16/01/2015 - 13:37:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys [48784] =>PUP.LinkiDoo
~ Drivers: 68 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/05/2015 - 16:46:27 ---A- . (.tony do DLT..) -- C:\Users\DJENABOU\AppData\Local\Microsoft\Windows\INetCache\IE\DVREMM0M\wzpup_2015.5.05_4[1].exe [208326]
O61 - LFC: 05/05/2015 - 16:46:32 ---A- . (...) -- C:\Users\DJENABOU\AppData\Local\Microsoft\Windows\INetCache\IE\K7KEQPV2\zwz[1].exe [21823609]
O61 - LFC: 05/05/2015 - 16:46:40 ---A- . (...) -- C:\Users\DJENABOU\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin [269992]
O61 - LFC: 09/05/2015 - 16:46:01 ---A- . (...) -- C:\Users\DJENABOU\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]
~ 971 Fichiers temporaires (Temporary files)
~ Files: 21 Legitimates Filtered in 03mn 23s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Trovi search) - http://www.trovi.com =>Hijacker.TroviCom
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {18AB3065-5D68-4897-919F-357233A85F15} - (Propositions de recherche Amazon.fr) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - (e) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (delta-homes) - http://www.delta-homes.com =>Hijacker.DeltaHomes
O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - http://www.delta-homes.com =>Hijacker.DeltaHomes
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\DJENABOU\Desktop\AW\partager\AW_Licence3\semestre_6\DS 2011\Nouveau dossier\All\Internet.Download.Manager.v6.09.Beta.1.Keygen.and.Patch\idman609b.exe =>.Crack,Keygen
~ Files: Scanned in 08mn 18s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CBD73E9BF5EBA3167F369A57D528792B] [SPRF][22/01/2015] (.Pas de propriétaire - Ultra Setup Manager.) -- C:\Users\DJENABOU\Desktop\adblock-plus.exe [152504]
[MD5.10A5CD3FC0F672355F85A9B64934C908] [SPRF][04/11/2014] (...) -- C:\Users\DJENABOU\Desktop\avira_free_antivirus_fr.exe [151223664]
[MD5.CAB50FFB133D2362D1A4D76657A7993C] [SPRF][25/09/2011] (.The Code::Blocks Team - Code::Blocks cross-platform IDE.) -- C:\Users\DJENABOU\Desktop\codeblocks-10.05mingw-setup.exe [74027949]
[MD5.E98CDE742D584DAC869B28BFC19D1861] [SPRF][06/03/2015] (.Web Internet - Prog Generic Web Setup.) -- C:\Users\DJENABOU\Desktop\Malavida_Download_Manager.exe [725407]
[MD5.5961582A95615FF0ECF1C5EB2E70A756] [SPRF][13/10/2014] (.Pas de propriétaire - Application Installer.) -- C:\Users\DJENABOU\Desktop\SoftonicDownloader_pour_eclipse.exe [367464] =>Toolbar.Conduit
[MD5.6B11A6C9C63C24C9E66183CD37F4CCC6] [SPRF][07/11/2014] (.swi-prolog.org - Pas de description.) -- C:\Users\DJENABOU\Desktop\w32pl7126.exe [11699242]
~ Files: 6 Legitimates Filtered in 00mn 12s



---\\ Export de clés de registre aléatoires (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32 =>PUP.StormWatch
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS =>PUP.StormWatch
~ BTK: 126 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/01/2014 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 24/03/2015 107848 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/03/2015 107848 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 18/02/2015 315488 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 28/12/2013 87384 | (ApHidMonitorService) . (.Alps Electric Co., Ltd..) - C:\Program Files\Apoint2K\HidMonitorSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 02/02/2015 3557136 | (CltMngSvc) . (.Client Connect LTD.) - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe =>PUP.SearchProtect
SR - | Auto 13/01/2014 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 09/10/2014 569608 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
SR - | Auto 08/11/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 20/03/2015 158816 | (IHProtect Service) . (.XTab system.) - C:\Program Files (x86)\XTab\ProtectService.exe =>Adware.AgentODR
SR - | Auto 04/05/2015 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe =>PUP.Elex
SR - | Auto 08/01/2014 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 27/08/2013 86096 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe =>.VMware, Inc
SR - | Auto 22/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 26/08/2013 904248 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 22/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 27/08/2013 14401104 | (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe =>.VMware, Inc
SR - | Demand 22/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 22/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/03/2015 499200 | (WindowsMangerProtect) . (.SysTool PasSame LIMITED.) - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe =>PUP.Fuyu
SR - | Auto 04/05/2015 426160 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files (x86)\WinZipper\winzipersvc.exe =>Adware.D365
SR - | Demand 29/10/2014 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by DJENABOU at 09/05/2015 16:59:01
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by DJENABOU at 09/05/2015 16:59:03
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (05/05/2015)
Clés trouvées (Keys found) : 33
Valeurs trouvées (Values found) : 9
Dossiers trouvés (Folders found) : 27
Fichiers trouvés (Files found) : 37

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>PUP.SearchProtect^
[HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service] =>Adware.AgentODR^
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>PUP.Elex^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect] =>PUP.Fuyu^
[HKLM\SYSTEM\CurrentControlSet\Services\winzipersvc] =>Adware.D365^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre] =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab] =>PUP.RocketTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.SearchProtect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for SearchProtect] =>PUP.SearchProtect^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>PUP.Elex^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader] =>PUP.YTDownloader^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall] =>Hijacker.WebsSearches^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>PUP.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect] =>PUP.Conduit
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKCU\Software\HomeTab] =>PUP.CertifiedToolbar
[HKLM\Software\Wow6432Node\delta-homesSoftware] =>Toolbar.DeltaSearch
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WindApp =>PUP.Nosibay^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:YTDownloader =>PUP.YTDownloader^
C:\Program Files (x86)\Cyti Web =>PUP.CytiWeb^
C:\Program Files (x86)\Elex-tech =>PUP.Elex^
C:\Program Files (x86)\OLBPre =>PUP.MyPCBackup^
C:\Program Files (x86)\Search Extensions =>PUP.RocketTab^
C:\Program Files (x86)\YTDownloader =>PUP.YTDownloader^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\DJENABOU\AppData\Roaming\Elex-tech =>PUP.Elex^
C:\Users\DJENABOU\AppData\Roaming\Store =>PUP.Nosibay^
C:\Users\DJENABOU\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\DJENABOU\AppData\Roaming\webssearches =>Hijacker.WebsSearches^
C:\Users\DJENABOU\AppData\Roaming\WTools =>PUP.Nosibay^
C:\Users\DJENABOU\AppData\Local\avaavaevy =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avaavxvyex =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avaxvavya =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avaxvyyvyf =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avayvaxvaa =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avayvaxxvae =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avayvxvaxc =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\BoBrowser =>PUP.BoBrowser^
C:\Users\DJENABOU\AppData\Local\Boxore =>Adware.Boxore^
C:\Users\DJENABOU\AppData\Local\CrossBrowser =>PUP.CrossBrowser^
C:\Users\DJENABOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Users\DJENABOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader =>PUP.YTDownloader^
C:\Program Files (x86)\SearchProtect =>PUP.Conduit
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\DJENABOU\AppData\Local\SearchProtect =>PUP.Conduit
C:\Users\DJENABOU\AppData\Local\Software =>Adware.Boxore
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe =>PUP.Elex^
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe =>PUP.SearchProtect^
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe =>PUP.SearchProtect^
C:\Program Files (x86)\Search Extensions\Client.exe =>PUP.RocketTab^
C:\Program Files (x86)\YTDownloader\YTDownloader.exe =>PUP.YTDownloader^
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe =>PUP.YTDownloader^
C:\Users\DJENABOU\AppData\Local\avaxvyyvyf\avaxvyyvyf.exe =>Adware.Pirrit^
C:\Users\DJENABOU\AppData\Local\avaxvavya\avaxvavya.exe =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avaavaevy\avaavaevy.exe =>PUP.SearchProtect^
C:\Users\DJENABOU\AppData\Local\avaavxvyex\avaavxvyex.exe =>Adware.Pirrit^
C:\Users\DJENABOU\AppData\Local\avabvyxvdy\avabvyxvdy.exe =>Adware.Pirrit^
C:\Users\DJENABOU\AppData\Local\avayvaxvaa\avayvaxvaa.exe =>Adware.Pirrit^
C:\Users\DJENABOU\AppData\Local\avayvaxxvae\avayvaxxvae.exe =>Adware.Pirrit^
C:\Users\DJENABOU\AppData\Local\avayvxvaxc\avayvxvaxc.exe =>Adware.Pirrit^
C:\Program Files (x86)\OLBPre\OLBPre.exe =>PUP.MyPCBackup^
C:\Program Files (x86)\Search Extensions\uninstall.exe =>PUP.RocketTab^
C:\Program Files (x86)\YTDownloader\updater.exe =>PUP.YTDownloader^
C:\Users\DJENABOU\AppData\Roaming\webssearches\UninstallManager.exe =>Hijacker.WebsSearches^
[HKCU\Software\BoBrowser] =>PUP.BoBrowser^
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
[HKCU\Software\RocketTabInstalled] =>PUP.RocketTab^
[HKCU\Software\Search Extensions] =>PUP.RocketTab^
[HKCU\Software\Store] =>PUP.Nosibay^
[HKCU\Software\WTools] =>PUP.Nosibay^
[HKCU\Software\WajIEnhance] =>PUP.Wajam^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCU\Software\YTDownloader] =>PUP.YTDownloader^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Elex-tech] =>PUP.Elex^
[HKLM\Software\Wow6432Node\SPPDCOM] =>Rogue.PCSpeedUp^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\ba34eeed-d225-dcf1-879d-45f6afe2917d] =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\YTDownloader] =>PUP.YTDownloader^
C:\Users\DJENABOU\Desktop\SoftonicDownloader_pour_eclipse.exe =>Toolbar.Conduit^
~ Additionnel Scan: 325415 Items scanned in 00mn 58s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
http://nicolascoolman.fr/pup-elex =>PUP.Elex
http://nicolascoolman.fr/pup-searchprotect =>PUP.SearchProtect
http://www.nicolascoolman.fr/blog/ =>PUP.RocketTab
http://nicolascoolman.fr/pup-ytdownloader =>PUP.YTDownloader
http://www.nicolascoolman.fr/blog/ =>Adware.Pirrit
http://nicolascoolman.fr/hijacker-trovicom =>Hijacker.TroviCom
http://www.nicolascoolman.fr/blog/ =>Hijacker.DeltaHomes
http://www.nicolascoolman.fr/blog/ =>PUP.Istart
http://nicolascoolman.fr/hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.fr/pup-suptab =>PUP.SupTab
http://www.nicolascoolman.fr/blog/ =>Adware.StormFall
http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
http://www.nicolascoolman.fr/blog/ =>PUP.Nosibay
http://www.nicolascoolman.fr/blog/ =>Adware.AgentODR
http://www.nicolascoolman.fr/blog/ =>PUP.Fuyu
http://www.nicolascoolman.fr/blog/ =>Adware.D365
http://www.nicolascoolman.fr/blog/ =>PUP.BoBrowser
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://www.nicolascoolman.fr/blog/ =>PUP.CytiWeb
http://nicolascoolman.fr/pup-bubbledock =>PUP.BubbleDock
http://nicolascoolman.fr/pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
http://nicolascoolman.fr/pup-certifiedtoolbar =>PUP.CertifiedToolbar
http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-wajam =>PUP.Wajam
http://nicolascoolman.fr/pup-shopperpro =>PUP.ShopperPro
http://www.nicolascoolman.fr/blog/ =>Toolbar.AskBar
http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
http://nicolascoolman.fr/rogue-pcspeedup =>Rogue.PCSpeedUp
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/adware-downware =>Adware.Downware
http://www.nicolascoolman.fr/blog/ =>PUP.CrossBrowser
http://nicolascoolman.fr/trojan-staser =>Trojan.Staser
http://nicolascoolman.fr/pup-re-markable =>PUP.Re-Markable
http://nicolascoolman.fr/pup-contentexplorer =>PUP.ContentExplorer
http://www.nicolascoolman.fr/blog/ =>PUP.DonutQuotes
http://www.nicolascoolman.fr/blog/ =>PUP.StormWatch
http://nicolascoolman.fr/pup-v9software =>PUP.V9Software
http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
http://www.nicolascoolman.fr/blog/ =>PUP.Conduit
http://nicolascoolman.fr/toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerPro
~ MSI: 44 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

~ 825 Legitimates filtered by white list
End of the scan (841 lines in 18mn 32s)(2.10)
